Pop-Up virus (HjT-log)

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by JasonSco, Oct 5, 2007.

  1. JasonSco

    JasonSco Member

    Joined:
    Jan 4, 2007
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    16
    Every now and then a pop-up like this appears on the desktop:
    [IMG]
    and after that, whatever you click, it opens IE and throws you to some bestseller antivirus program site... Norton/Combofix/CCleaner didn't find anything in their scans that would have stopped it...
    So hopefully something turns up in the HjT log.

    -------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 12:26:25, on 5.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\DOCUME~1\JASONS~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hmjlrflp.dll",sitypnow
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1180857199500
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     
  2. Hujo

    Hujo Guest

    Download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    When the scan is complete, click the Remove Vundo button.
    You will be asked whether you want to delete the files - click YES.
    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    When it is finished, the fix will tell you that it will restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    Note: It is possible that VundoFix found a file it could not delete.
    In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.
     
  3. JasonSco

    JasonSco Member

    Judging by the output at least, VundoFix worked, but it still didn't remove the problem at all :(


    VundoFix V6.5.9

    Checking Java version...

    Scan started at 16:19:15 5.10.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gttfvxxy.ini
    C:\WINDOWS\system32\qabwcstl.dll
    C:\WINDOWS\system32\yxxvfttg.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gttfvxxy.ini
    C:\WINDOWS\system32\gttfvxxy.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qabwcstl.dll
    C:\WINDOWS\system32\qabwcstl.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\yxxvfttg.dll
    C:\WINDOWS\system32\yxxvfttg.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\qabwcstl.dll
    C:\WINDOWS\system32\qabwcstl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yxxvfttg.dll
    C:\WINDOWS\system32\yxxvfttg.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    And then HjT:


    Logfile of HijackThis v1.99.1
    Scan saved at 16:43:45, on 5.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\DOCUME~1\JASONS~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\wxdmrfsj.dll",sitypnow
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1180857199500
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    Hopefully something turns up (WinRAR also doesn't work, and others have had the same, so could this be some common virus?)
     
  4. Hujo

    Hujo Guest

    Renaming

    1. Right-click the HijackThis icon.
    2. Select Rename.
    3. Type scanner.exe
     
  5. JasonSco

    JasonSco Member

    (By the way, if I format the machine, can that virus come back from the hard drive?)
    For example, BSplayer gives an error message like this:

    Code:
    BSplayer v2.14.942, Unhandled exception at EIP: 0B8A3C88
    If you click 'Close' application will be terminated.
    Please report this info to the author with description what were you doing.
    If you have internet connection, it's recommended to send error report, this will help us solve problems faster.
    Invalid floating point operation
    EInvalidOp
    Call stack: 00000000,0B8A3C88,0040496B,00492646,00492D4E,00427E48,0049326B,005C980D
    I don't know if this helps, but here it is anyway...

    And here is the log from that scanner.exe:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:59:39, on 5.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\DOCUME~1\JASONS~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Jason Scott\Desktop\scanner.exe.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {440F7139-8750-438F-B7E1-6A1AAD981859} - C:\WINDOWS\system32\ssqpn.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\basqmfyp.dll",sitypnow
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1180857199500
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
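
Comparing the three HijackThis logs posted so far by eye is tedious, so here is a small parser and diff for the O-lines (an added example, not part of the original thread and not HijackThis's own code). The embedded lines are excerpts copied from the logs above; the function names and the key format are this example's own.

```python
import re
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    key: str      # stable identity of the entry (value name, CLSID, ...)
    value: str    # what the entry points at (command line or file)


LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
RUN_RE = re.compile(r"^(.*?):\s*\[(.*?)\]\s*(.*)$")
DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.(?:dll|cpl))', re.I)


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one 'Onn - ...' line into an Entry; other lines give None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    section, rest = m.groups()
    if section == "O4":
        run = RUN_RE.match(rest)  # "HKLM\..\Run: [Name] command"
        if run:
            hive, name, command = run.groups()
            return Entry(section, f"{hive}[{name}]", command)
    # Other sections: everything before the last " - " identifies the entry.
    head, sep, tail = rest.rpartition(" - ")
    return Entry(section, head, tail) if sep else Entry(section, rest, "")


def parse_log(text: str) -> dict:
    entries = filter(None, map(parse_entry, text.splitlines()))
    return {(e.section, e.key): e.value for e in entries}


def diff_logs(old: str, new: str) -> dict:
    """Entries added, removed, or pointing somewhere else in the newer log."""
    a, b = parse_log(old), parse_log(new)
    return {
        "added": sorted(k for k in b if k not in a),
        "removed": sorted(k for k in a if k not in b),
        "changed": sorted((k, a[k], b[k]) for k in a if k in b and a[k] != b[k]),
    }


def rundll32_target(command: str) -> Optional[str]:
    """File name of the DLL/CPL a rundll32 command line loads, lower-cased."""
    m = DLL_RE.search(command)
    return m.group(1).rsplit("\\", 1)[-1].lower() if m else None


def rotating_autoruns(logs) -> dict:
    """Run values started via rundll32 whose DLL name differs between logs."""
    seen = {}
    for text in logs:
        for (section, key), value in parse_log(text).items():
            dll = rundll32_target(value) if section == "O4" else None
            if dll and dll not in seen.setdefault(key, []):
                seen[key].append(dll)
    return {key: dlls for key, dlls in seen.items() if len(dlls) > 1}


# Excerpts copied from the three logs in this thread (12:26, 16:43, 20:59).
COMMON = r'''
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''
LOG_1 = COMMON + r'''
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hmjlrflp.dll",sitypnow
'''
LOG_2 = COMMON + r'''
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\wxdmrfsj.dll",sitypnow
'''
LOG_3 = COMMON + r'''
O2 - BHO: (no name) - {440F7139-8750-438F-B7E1-6A1AAD981859} - C:\WINDOWS\system32\ssqpn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\basqmfyp.dll",sitypnow
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
'''

if __name__ == "__main__":
    for label, old, new in (("1 -> 2", LOG_1, LOG_2), ("2 -> 3", LOG_2, LOG_3)):
        print(label, diff_logs(old, new))
    print(rotating_autoruns([LOG_1, LOG_2, LOG_3]))
```

On these excerpts the only entry that changes between the first two logs is the `SearchIndexer` Run value, which names a different DLL in each of the three logs, and the third log is the first to list any O2 or O20 lines.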


     
  6. Hujo

    Hujo Guest

    o Double-click VundoFix.exe to run it.
    o Click the Scan for Vundo button.
    o When the scan is complete, right-click inside the list box (the white box in which the files found are listed) and select Add more files.
    o Copy and paste the following 1 line into the top box:

    C:\WINDOWS\system32\ssqpn.dll

    o Click Add Files and then click Close Window.
    o When the scan is complete, click the Remove Vundo button.
    o You will be asked whether you want to delete the files - click YES.
    o Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    o When it is finished, the fix will tell you that it will restart your computer; click OK.
    o Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    =====================

    Instructions for using AVG Anti-Spyware 7.5
    Note! These instructions turn off the real-time protection (Shield). This avoids situations where the protection would block, for example, the HijackThis tool from working.

    Save these instructions to a text file or print them, otherwise you won't be able to get to them in safe mode

    Download AVG Anti-Spyware 7.5
    and save the program to your desktop.
    o Once you have downloaded the program, double-click the installer's icon on your desktop; the installation starts.
    o After installation the program must be started and its definitions updated.
    o Start AVG Anti-Spyware.
    o Click the "Update" icon in the main menu. Then click the "Update now" button.

    o Then click the "Start Update" icon, and the update begins.

    o When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    o When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".

    o Then under the "Reports" menu:
    o Tick "Automatically generate report after every scan"
    o Untick "Only if threats were found"

    o Then click the "Shield" icon at the top of the window
    o "Resident shield is": change the state from active to inactive
    o Close the program, do NOT scan yet.

    Start your computer in safe mode:
    shut down and start up
    during startup, tap F8
    select safe mode with the arrow key
    press enter and enter

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    o Once in safe mode, start AVG Anti-Spyware.
    o Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    o Ewido now starts scanning the computer; be patient, as the scan takes time.

    When the scan is complete:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    o Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the pop-up menu.
    o You will be asked what to do if infections were found; choose "Apply all actions" then
    o Then click the "Reports" icon at the top of the program.
    o Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    o Close the program, start the computer normally and post the AVG report to your thread.

    ==================

    Escan
    The instructions are on this page.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    download from here
    http://www.spywareinfo.dk/download/mwav.exe
    update from here
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    set the check marks as marked here
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scan

    if anything appears in the lower pane, copy it like this:
    Use the command Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Put the virus log here.

    ==============

    Download from http://www.ccleaner.com/download/builds.aspx
    CCleaner v2.00.500 - Standard Build, do NOT install the Yahoo toolbar!

    set the options like this:
    Options --> Advanced --> Remove the check mark from Only delete temporary files older than 48 hours.

    run Cleaner > Analyze button > Run CCleaner button, bottom right corner
    run Issues > Scan for registry issues button > Fix registry issues button

    ================

    Download Dr.Web CureIt to your desktop:

    o Double-click drweb-cureit.exe and let it do an express scan
    o It scans the running programs, and if something is found, click yes when it asks whether you want to remove it. This is only a short scan.
    o When the scan is complete, click Custom scan and mark the drives you want to scan.
    o Select all drives. A red dot shows which drives are selected.
    o Click the green arrow on the right and the scan starts.
    o Click Yes to all if you are asked whether you want to delete/move a file.
    o When the scan is complete
    o Click Select all and click Delete
    o Click File, save report list
    o Save it to the desktop and copy the list here

     
  7. JasonSco

    JasonSco Member

    The logs were scanned/created in the order HjT, AVG, E-scan, Dr.Web, VundoFix... so VundoFix was done last, so if something shows up e.g. in Vundo that in turn isn't in HjT/AVG, don't be surprised... :)

    VundoFix -log----------------------------------------------------


    Beginning removal...

    VundoFix V6.5.9

    Checking Java version...

    Scan started at 22:04:58 6.10.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\crtbogbu.dll
    C:\WINDOWS\system32\ubgobtrc.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\crtbogbu.dll
    C:\WINDOWS\system32\crtbogbu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpn.dll
    C:\WINDOWS\system32\ssqpn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ubgobtrc.ini
    C:\WINDOWS\system32\ubgobtrc.ini Has been deleted!

    Performing Repairs to the registry.
    Done!


    HjT -log---------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 13:45:54, on 6.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\DOCUME~1\JASONS~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Jason Scott\My Documents\HiJackThis.exe

    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\igovvljk.dll",sitypnow
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1180857199500
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    AVG report------------------------------------------------------- It warned in big letters at least about that Dropper.Delf.aer.

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 17:34:58 6.10.2007

    + Scan result:



    C:\Documents and Settings\Jason Scott\My Documents\Asennukset\Avast! Antivirus Professional v4 7 981 with KeyGen.rar/keygen.exe -> Dropper.Delf.aer : Cleaned with backup (quarantined).
    :mozilla.311:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.312:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.313:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.838:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.839:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.840:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.316:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Adrenaline : Cleaned.
    :mozilla.319:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.320:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.209:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.210:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.211:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.383:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.384:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.385:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.386:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.931:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.932:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.168:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.169:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.170:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.145:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
    :mozilla.844:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Live : Cleaned.
    :mozilla.845:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Live : Cleaned.
    :mozilla.846:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Live : Cleaned.
    :mozilla.847:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.848:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.812:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.103:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.257:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.32:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\Documents and Settings\Jason Scott\Cookies\jason scott@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.758:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.779:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.780:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.781:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.782:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.783:C:\Documents and Settings\Jason Scott\Application Data\Mozilla\Firefox\Profiles\8g971opk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    E-Scan report------------------------------------------------------


    File C:\WINDOWS\system32\cnwrmgwl.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.wn. No Action Taken.
    File C:\WINDOWS\system32\cnwrmgwl.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.wn. No Action Taken.
    File C:\Documents and Settings\Jason Scott\Local Settings\Temp\xephldxm.exe infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Jason Scott\Local Settings\Temp\moygmxbh.exe infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.

    File C:\Documents and Settings\Jason Scott\My Documents\Asennukset\SmitfraudFix (Haittaohjelmien poistaja)\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\Documents and Settings\Jason Scott\My Documents\Asennukset\SmitfraudFix (Haittaohjelmien poistaja)\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

    File C:\Documents and Settings\Jason Scott\My Documents\Asennukset\mIRC v6.2 [Keygen Included]\mIRC 6.2 [Installer].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.
    File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.
    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP97\A0014292.exe infected by "Trojan-Dropper.Win32.Agent.bfr" Virus. Action Taken: File Deleted.

    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP109\A0016365.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP137\A0019401.exe infected by "Backdoor.Win32.Rbot.eaa" Virus. Action Taken: File Renamed.

    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP142\A0019876.exe infected by "Trojan-Dropper.Win32.Microjoin.h" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP142\A0019878.exe infected by "Trojan-Dropper.Win32.Microjoin.h" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP142\A0019879.exe infected by "Trojan-Dropper.Win32.Microjoin.h" Virus. Action Taken: File Deleted.

    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP142\A0019880.exe infected by "Trojan-Dropper.Win32.Microjoin.h" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP142\A0019884.exe infected by "Trojan-Dropper.Win32.Microjoin.h" Virus. Action Taken: File Deleted.

    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP150\A0020764.exe tagged as not-a-virus:RiskTool.Win32.FWDisabler.a. No Action Taken.
    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP151\A0021730.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.
    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP160\A0024868.dll infected by "Trojan.Win32.Pakes.ds" Virus. Action Taken: File Deleted.
    File Deleted.
    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP160\A0024870.DLL infected by "Trojan.Win32.Pakes.ds" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP161\A0024958.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.wm. No Action Taken.
    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP161\A0025221.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

    File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP161\A0025233.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.


    Dr. Web -log-------------------------------------------------------

    RemoveWGA.exe; C:\Documents and Settings\Jason Scott\My Documents\Asennukset;Tool.RemoveWGA; Deleted.;
    Process.exe; C:\Documents and Settings\Jason Scott\My Documents\Asennukset\SmitfraudFix (Haittaohjelmien poistaja)\SmitfraudFix;Tool.Prockill; Deleted.;
    restart.exe; C:\Documents and Settings\Jason Scott\My Documents\Asennukset\SmitfraudFix (Haittaohjelmien poistaja)\SmitfraudFix;Tool.ShutDown.11; Deleted.;
    bsplayer_pro214.942.exe; C:\Documents and Settings\Jason Scott\My Documents\Asennukset\BS Player Pro;Trojan.Fakealert.348; Deleted.;
    sma_common.js; C:\Program Files\Sonera\InternetAvustaja\agentui\snapins\preferences;Probably SCRIPT.Virus; Deleted.;
    sprtsync.dll; C:\Program Files\Sonera\InternetAvustaja\bin;Probably DLOADER.Trojan; Deleted.;
    sprtupdate.dll; C:\Program Files\Sonera\InternetAvustaja\bin;Probably DLOADER.Trojan; Deleted.;
    modem_common.js; C:\Program Files\Sonera\InternetAvustaja\agentcommon\inc;Probably SCRIPT.Virus; Deleted.;
    uninstall.EXE; C:\Program Files\Webteh\BSplayerPro;Trojan.Fakealert.348; Deleted.;
    mirc.exe; C:\Program Files\mIRC;Program.mIRC.60; Deleted.;
    A0013595.exe; C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP88;Trojan.Ulone; Deleted.;
    A0016685.exe; C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP112;Trojan.Ulone; Deleted.;
    A0024726.EXE; C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP160;Trojan.Fakealert.348; Deleted.;
    A0025232.exe; C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP161;Tool.Prockill; Deleted.;
    A0025234.exe; C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP161;Tool.ShutDown.11; Deleted.;
    A0025387.EXE; C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP161;Trojan.Fakealert.348; Deleted.;



    Now no pop-up appeared at startup and the programs work too, but at startup "LUCOMS~1" and Norton push their memory usage above 50,000, which they haven't done before?
    Well, hopefully they aren't doing anything bad, and if the logs still show something to remove, tell me and I'll remove it.
    And a big THANK YOU for the help!!!
     
  8. Hujo

    Hujo Guest

    1. Click Start > My Computer with the right mouse button
    2. Select Properties
    3. Select the System Restore tab
    4. Check ¤ Turn off System Restore on all drives
    5. Press Apply
    6. Press OK
    7. Shut down and restart
    8. Uncheck ¤ Turn off System Restore on all drives
    9. Apply and OK
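
A triage script for the E-Scan and Dr.Web log formats posted above, added here as an example and not part of any post in the thread. It separates detections that sit only in System Restore snapshots (turning System Restore off deletes those snapshots) from detections on live paths that the scanner did not delete. The sample lines are copied from the logs in this thread; the function names and the `Finding` record are assumptions of this example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "scanner path threat action in_restore_point")

# Sample input: lines copied from the E-Scan and Dr.Web logs posted in this thread.
ESCAN_LOG = r"""
File C:\WINDOWS\system32\cnwrmgwl.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.wn. No Action Taken.
File C:\Documents and Settings\Jason Scott\Local Settings\Temp\xephldxm.exe infected by "Trojan.Win32.Agent.bck" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP137\A0019401.exe infected by "Backdoor.Win32.Rbot.eaa" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP161\A0024958.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.wm. No Action Taken.
File Deleted.
"""
DRWEB_LOG = r"""
mirc.exe; C:\Program Files\mIRC;Program.mIRC.60; Deleted.;
A0013595.exe; C:\System Volume Information\_restore{A2051995-3578-430A-9D27-4F28155DE65C}\RP88;Trojan.Ulone; Deleted.;
"""

# E-Scan writes either 'tagged as <name>. No Action Taken.' or
# 'infected by "<name>" Virus. Action Taken: <action>.'
ESCAN_RE = re.compile(
    r'^File (?P<path>.+?) '
    r'(?:tagged as (?P<tag>\S+)|infected by "(?P<virus>[^"]+)" Virus)\. '
    r'(?:Action Taken: )?(?P<action>[^.]+)\.$'
)
# Windows XP System Restore snapshots live under _restore{GUID}\RPnnn.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)", re.I)
DELETED = {"File Deleted", "Deleted"}


def make_finding(scanner, path, threat, action):
    return Finding(scanner, path, threat, action, bool(RESTORE_RE.search(path)))


def parse_escan(line):
    """Return a Finding for one E-Scan line, or None for anything else."""
    m = ESCAN_RE.match(line.strip())
    if not m:
        return None  # blank lines and stray fragments such as 'File Deleted.'
    return make_finding("E-Scan", m["path"], m["tag"] or m["virus"], m["action"])


def parse_drweb(line):
    """Dr.Web rows have the shape 'name; folder;threat; action.;'."""
    parts = [p.strip() for p in line.split(";")]
    if len(parts) < 4 or not parts[0]:
        return None
    name, folder, threat, action = parts[:4]
    return make_finding("Dr.Web", folder + "\\" + name, threat, action.rstrip("."))


def parse_logs(escan_text, drweb_text):
    found = [parse_escan(l) for l in escan_text.splitlines()]
    found += [parse_drweb(l) for l in drweb_text.splitlines()]
    return [f for f in found if f]


def triage(findings):
    """Split findings the scanner did not delete into live paths and snapshots."""
    kept = [f for f in findings if f.action not in DELETED]
    points = {RESTORE_RE.search(f.path).group(1) for f in findings if f.in_restore_point}
    return {
        "live": [f for f in kept if not f.in_restore_point],
        "restore_remaining": [f for f in kept if f.in_restore_point],
        "restore_points": sorted(points, key=lambda rp: int(rp[2:])),
    }


if __name__ == "__main__":
    report = triage(parse_logs(ESCAN_LOG, DRWEB_LOG))
    print("Live paths the scanner did not delete:")
    for f in report["live"]:
        print(f"  [{f.scanner}] {f.path} -> {f.threat} ({f.action})")
    print("Snapshot copies not deleted (removed when restore points are purged):")
    for f in report["restore_remaining"]:
        print(f"  [{f.scanner}] {f.path} -> {f.threat} ({f.action})")
    print("Restore points with detections:", ", ".join(report["restore_points"]))
```
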
     
