So I removed viruses with every adware and spyware program I could find and with online virus scanners. A lot of junk went away, but something odd remained. If I close Firefox, it still stays in Task Manager eating 50% CPU. And if I try to open e.g. Paint Shop Pro, the program doesn't open on the desktop but stays in Task Manager eating CPU at the same 50% as Firefox. HJT log right after reboot:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:35, on 9.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\asagvnul.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [18627723] rundll32.exe "C:\WINDOWS\system32\abhcadrh.dll",b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.virustorjunta.net/modules/Online_Scanner/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\asagvnul.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe

--
End of file - 6427 bytes

----------------------------------------------------------------------

And after this, the smitfraud.exe log too:

SmitFraudFix v2.250

Scan done at 4:07:49,85, pe 09.11.2007
Run from C:\Documents and Settings\spotlessmind\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\asagvnul.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\spotlessmind

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\spotlessmind\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SPOTLE~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{879518EA-128E-4666-8C8A-5F0266533890}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{879518EA-128E-4666-8C8A-5F0266533890}: NameServer=192.168.0.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{879518EA-128E-4666-8C8A-5F0266533890}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
Right. I don't see a firewall on your machine; download one from here or here.

Start HijackThis and click "Do a system scan only". Close all other windows, check these lines and press "Fix checked" (if they are found):

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [18627723] rundll32.exe "C:\WINDOWS\system32\abhcadrh.dll",b
O23 - Service: DomainService - - C:\WINDOWS\system32\asagvnul.exe

Removing the service: open Notepad and copy the following lines into it:

@echo off
sc stop DomainService
sc delete DomainService

Then save the document on the desktop under the name Poisto.bat with file type: All Files. Then run the Poisto.bat file on the desktop.

Download VundoFix.exe to your desktop.
1. Double-click VundoFix.exe to run it.
2. Click the Scan for Vundo button.
3. When the scan is finished, click the Remove Vundo button.
4. You will be asked whether you want to delete the files; click YES.
5. Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
6. When it is finished, the fix will tell you to restart your computer; click OK.
7. Post the contents of the C:\vundofix.txt log and a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not delete. In that case VundoFix will run itself at reboot; just follow the instructions above starting from "Click the Scan for Vundo button" when VundoFix appears after the restart.
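The three lines picked out above are chosen by the same few tells a helper applies by eye to every HijackThis log: an entry that points at a file which no longer exists, a service that reports no vendor, a Run key with a purely numeric name that loads a DLL through rundll32, and a BHO with no name (or a bare GUID as its name) sitting in system32. As an added example that is not code from this thread or from HijackThis, here is that triage written down as a small parser. The sample log is constructed from entries that appear in this thread; the heuristics and the function names are my own and yield review candidates, not verdicts (the PunkBuster PnkBstrA service is surfaced only because it reports "Unknown owner", and a human then clears it).

```python
import re
from dataclasses import dataclass, field

# Constructed test input: entries copied from the HijackThis logs posted in
# this thread, with a few benign lines kept in to show what passes untouched.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {019889D9-11C9-4A90-BE43-74048CA8279A} - C:\WINDOWS\system32\mlljj.dll
O2 - BHO: {1e518c13-f413-1edb-eb64-3df8b69a64e9} - {9e46a96b-8fd3-46be-bde1-314f31c815e1} - C:\WINDOWS\system32\wteujwoi.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [18627723] rundll32.exe "C:\WINDOWS\system32\abhcadrh.dll",b
O20 - Winlogon Notify: byxxurp - byxxurp.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\asagvnul.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "O4 - <body>", "R0 - <body>", ...: section tag, separator, rest of the line
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# O23 body: "Service: <display name> - <vendor> - <path>"; vendor may be empty
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) -\s*(?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.+)$")
# O2 body whose display name is itself a bare GUID
GUID_NAMED_BHO_RE = re.compile(r"^BHO: \{[0-9A-Fa-f-]{36}\}")
# Run key whose name is only digits, e.g. [18627723]
NUMERIC_RUN_KEY_RE = re.compile(r"\[\d+\]")


@dataclass
class Finding:
    section: str            # HijackThis section tag: O2, O4, O23, ...
    line: str               # the original log line
    reasons: list = field(default_factory=list)   # empty means "looks normal"


def triage_entry(section, body):
    """Return the list of heuristic reasons an entry deserves a second look."""
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned entry: the referenced file is gone, stale pointer")
    if section == "O23":
        m = SERVICE_RE.match(body)
        vendor = m.group("vendor") if m else ""
        if vendor in ("", "Unknown owner"):
            reasons.append("service without a vendor string; verify the binary")
    if section == "O4" and NUMERIC_RUN_KEY_RE.search(body) and "rundll32" in body.lower():
        reasons.append("Run key with a purely numeric name loading a DLL via rundll32")
    if section == "O2":
        if "(no name)" in body and "system32" in body.lower():
            reasons.append("unnamed BHO loaded straight from system32")
        if GUID_NAMED_BHO_RE.match(body):
            reasons.append("BHO whose display name is a bare GUID")
    return reasons


def triage(log_text):
    """Parse every O/R-style entry of a HijackThis log into a Finding."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue            # header lines, "Running processes:", blanks
        section, body = m.groups()
        findings.append(Finding(section, line, triage_entry(section, body)))
    return findings


def flagged(log_text):
    """Only the entries that collected at least one reason."""
    return [f for f in triage(log_text) if f.reasons]


if __name__ == "__main__":
    for f in flagged(SAMPLE_HJT_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run on the constructed sample it lists seven review candidates: the two system32 BHOs, the toolbar with no file, the numeric Run key, the missing Winlogon notify DLL, DomainService and PnkBstrA; the avast and Adobe lines pass. The point is not that these rules are sufficient, but that the file being absent or the vendor field being empty is exactly what a reviewer reads first, and a parser makes that pass repeatable across a long log.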
I did everything you told me to and also installed the Sygate firewall on the machine. Here's the new HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:35, on 9.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\spotless.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {019889D9-11C9-4A90-BE43-74048CA8279A} - C:\WINDOWS\system32\mlljj.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F5F0160-20D8-4C4F-AF4C-02AD925015CD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {1e518c13-f413-1edb-eb64-3df8b69a64e9} - {9e46a96b-8fd3-46be-bde1-314f31c815e1} - C:\WINDOWS\system32\wteujwoi.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.virustorjunta.net/modules/Online_Scanner/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byxxurp - byxxurp.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7278 bytes

----------------------------------------------------------------------

And here's vundo.txt:

VundoFix V6.5.11

Checking Java version...

Scan started at 15:46:55 7.11.2007

Listing files found while scanning....

C:\WINDOWS\system32\pauipgjp.dll
C:\WINDOWS\system32\znlrhjog.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pauipgjp.dll
C:\WINDOWS\system32\pauipgjp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\znlrhjog.dll
C:\WINDOWS\system32\znlrhjog.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.11

Checking Java version...

Scan started at 9:49:02 9.11.2007

Listing files found while scanning....

C:\WINDOWS\system32\yftikbey.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\yftikbey.dll
C:\WINDOWS\system32\yftikbey.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.11

Checking Java version...

Scan started at 9:52:51 9.11.2007

Listing files found while scanning....

C:\WINDOWS\system32\yftikbey.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\yftikbey.dll
C:\WINDOWS\system32\yftikbey.dll Has been deleted!

Performing Repairs to the registry.
Done!

How does it look? 0_0

Edit: by the way, can I turn off Windows XP's own firewall now that I have the Sygate firewall on the machine?
Yep, disable the Windows built-in firewall. Not all the Vundos went away, so a bit more tuning still:

1. Download combofix.exe to your desktop from either link: combofix.exe combofix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
ComboFix log:

ComboFix 07-11-08.1 - spotlessmind 2007-11-09 18:11:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2556 [GMT 2:00]
Running from: C:\Documents and Settings\spotlessmind\Desktop\ComboFix.exe
 * Created a new restore point
.
Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\spotlessmind\Application Data\install_en[1].exe
C:\Documents and Settings\spotlessmind\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\BestsellerAntivirus
C:\Program Files\Temporary
C:\WINDOWS\b147.exe
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.bak2
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\yftikbey.dllbox
C:\WINDOWS\system32\znlrhjog.dllbox
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SFSYNC02
-------\sfsync02

((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
.
2007-11-09 18:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 09:57 <DIR> d-------- C:\Program Files\Sygate
2007-11-09 09:57 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-11-09 09:57 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-11-09 09:57 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-11-09 09:57 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-11-09 09:57 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-11-09 09:57 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-11-09 09:57 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-11-09 09:54 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-09 09:48 145,984 --a------ C:\WINDOWS\system32\rmvhrmia.dll
2007-11-09 04:07 3,028 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-09 01:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-09 01:42 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-11-09 01:41 <DIR> d-------- C:\Program Files\Corel
2007-11-08 11:03 86,080 --a------ C:\WINDOWS\system32\abhcadrh.dll
2007-11-08 11:03 80,448 --a------ C:\WINDOWS\system32\wteujwoi.dll
2007-11-08 11:03 71,232 --a------ C:\WINDOWS\system32\mpcfafui.exe
2007-11-07 20:29 47,313 --a------ C:\WINDOWS\system32\pctvcap.dll
2007-11-07 20:29 42,448 --a------ C:\WINDOWS\system32\drivers\pctvw2k.sys
2007-11-07 20:29 36,864 --a------ C:\WINDOWS\system32\io_pctv.dll
2007-11-07 20:29 29,408 --a------ C:\WINDOWS\system32\Mcipctv.dll
2007-11-07 20:29 2,145 --a------ C:\WINDOWS\system32\drivers\PCTVAud.sys
2007-11-07 20:11 <DIR> d-------- C:\Program Files\Pinnacle
2007-11-07 15:51 79,936 --a------ C:\WINDOWS\system32\gbkjbwxw.dll
2007-11-07 15:46 <DIR> d-------- C:\VundoFix Backups
2007-11-07 11:02 145,984 --a------ C:\WINDOWS\system32\nmufgoos.dll
2007-11-07 11:02 71,232 --a------ C:\WINDOWS\system32\asagvnul.exe
2007-11-07 01:27 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-07 01:16 <DIR> d-------- C:\Documents and Settings\spotlessmind\.housecall6.6
2007-11-07 01:04 <DIR> d-------- C:\Program Files\Bazooka Scanner
2007-11-06 15:49 87,104 --a------ C:\WINDOWS\system32\kmqrttfl.dll
2007-10-31 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-30 11:02 589 --a------ C:\WINDOWS\system32\myadgsfj.dll
2007-10-29 11:02 589 --a------ C:\WINDOWS\system32\ukuppyfq.dll
2007-10-28 22:51 32,256 --a------ C:\WINDOWS\system32\cbxuspm.dll
2007-10-25 20:29 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-10-25 20:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-25 20:01 <DIR> d-------- C:\Documents and Settings\spotlessmind\Application Data\Codemasters
2007-10-24 18:32 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-10-24 18:32 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-24 18:32 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-24 18:32 739,840 --a------ C:\WINDOWS\system32\divx.dll
2007-10-24 18:32 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-24 18:32 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-10-24 18:32 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-10-24 18:32 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-10-24 18:32 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-10-24 12:37 <DIR> d-------- C:\Program Files\foobar2000
2007-10-24 12:37 <DIR> d-------- C:\Documents and Settings\spotlessmind\Application Data\foobar2000
2007-10-19 20:44 <DIR> d-------- C:\Program Files\fraps
2007-10-18 10:53 <DIR> d-------- C:\Program Files\PartyGaming
2007-10-14 18:50 <DIR> d-------- C:\Program Files\Analog Devices
2007-10-14 18:50 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2007-10-14 18:50 392,960 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-10-14 18:50 229,376 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-10-14 18:50 93,824 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-10-14 18:50 24,064 -ra------ C:\WINDOWS\system32\PostProc.dll
2007-10-14 17:57 <DIR> d-------- C:\Program Files\Skype
2007-10-14 17:57 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-14 17:57 <DIR> d-------- C:\Documents and Settings\spotlessmind\Application Data\Skype
2007-10-14 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-12 04:32 <DIR> d-------- C:\Program Files\Tweak-XP Pro 4
2007-10-12 04:25 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-12 04:24 <DIR> d-------- C:\TweakXP
2007-10-10 16:24 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-10-10 16:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-10 16:23 <DIR> d-------- C:\Program Files\Ahead
2007-10-10 16:23 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-10-10 16:23 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-10-10 16:23 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-10-10 16:23 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-10-10 16:23 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-10 09:00 <DIR> d-------- C:\Documents and Settings\spotlessmind\Application Data\Nero
2007-10-10 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-09 02:15 <DIR> d-------- C:\Program Files\Crawler
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-09 16:16 --------- d-----w C:\Program Files\SpeedFan
2007-11-09 10:46 --------- d-----w C:\Program Files\mIRC
2007-11-09 09:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 07:54 24,576 ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-08 21:44 --------- d-----w C:\Documents and Settings\spotlessmind\Application Data\Azureus
2007-11-07 14:55 --------- d-----w C:\Program Files\Spyware Terminator
2007-11-07 14:55 --------- d-----w C:\Documents and Settings\spotlessmind\Application Data\Spyware Terminator
2007-11-07 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-11-07 14:15 --------- d-----w C:\Program Files\DC++
2007-10-31 18:21 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-25 18:29 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-19 18:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-19 18:36 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-19 18:35 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-10 14:23 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-10 14:18 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-05 06:16 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-10-05 06:16 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-10-05 05:00 --------- d-----w C:\Program Files\Creative
2007-10-05 03:47 --------- d-----w C:\Program Files\Azureus
2007-10-02 04:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-02 03:56 --------- d-----w C:\Program Files\GameSpy
2007-10-02 03:54 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-10-02 03:54 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-02 03:54 22,328 ----a-w C:\Documents and Settings\spotlessmind\Application Data\PnkBstrK.sys
2007-10-02 03:52 --------- d-----w C:\Program Files\Electronic Arts
2007-10-02 00:12 --------- d-----w C:\Program Files\core temp
2007-10-01 14:31 --------- d-----w C:\Program Files\QuickTime Alternative
2007-10-01 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-29 04:48 --------- d-----w C:\Program Files\Marvell
2007-09-29 04:42 22,528 ----a-w C:\WINDOWS\system32\drivers\WFIO64DR.sys
2007-09-29 04:41 40,960 ----a-w C:\WINDOWS\system32\wfnvgpio.dll
2007-09-29 04:40 1,142,784 ----a-w C:\WINDOWS\system32\WINFOXUT.dll
2007-09-29 04:39 9,600 ----a-w C:\WINDOWS\system32\drivers\winfoxiobackup.sys
2007-09-29 04:39 9,600 ----a-w C:\WINDOWS\system32\drivers\WINFOXIO.sys
2007-09-29 04:39 668,672 ----a-w C:\WINDOWS\system32\WF2KCPL.dll
2007-09-29 04:39 307,200 ----a-w C:\WINDOWS\system32\WFSRSV.SCR
2007-09-29 04:39 13,692 ----a-w C:\WINDOWS\system32\drivers\wfsys.sys
2007-09-29 04:39 110,592 ----a-w C:\WINDOWS\system32\WFLINE.SCR
2007-09-29 04:39 102,400 ----a-w C:\WINDOWS\system32\WFTIME.SCR
2007-09-29 04:39 1,490,944 ----a-w C:\WINDOWS\system32\wf2k.exe
2007-09-27 17:35 48,968,752 ----a-w C:\162.18_forceware_winxp_32bit_english_whql.exe
2007-09-26 22:04 --------- d-----w C:\Program Files\EA SPORTS
2007-09-13 06:45 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-09-12 12:37 --------- d-----w C:\Program Files\AquaMark3
2007-09-12 06:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-09-11 20:24 --------- d-----w C:\Program Files\ATITool
2007-09-11 17:40 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-09-11 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-09-11 11:22 --------- d-----w C:\Program Files\Driver Cleaner Pro
2007-09-11 04:20 --------- d-----w C:\Program Files\Futuremark
2007-09-10 20:27 42,343,200 ----a-w C:\91.47_forceware_winxp2k_english_whql.exe
2007-09-10 06:56 38,745,072 ----a-w C:\163.44_forceware_winxp_32bit_english_beta.exe
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-08-31 01:19 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-08-31 01:19 270,336 ------w C:\WINDOWS\Setup1.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-02-14 13:59 978,377 ----a-w C:\Program Files\cpuz.exe
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2004-09-28 01:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F5F0160-20D8-4C4F-AF4C-02AD925015CD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9e46a96b-8fd3-46be-bde1-314f31c815e1}]
2007-11-08 11:03 80448 --a------ C:\WINDOWS\system32\wteujwoi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 11:45 C:\WINDOWS\KHALMNPR.Exe]
"SystemTray"="SysTray.Exe" [2001-08-23 16:00 C:\WINDOWS\system32\systray.exe]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 15:21]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:56 C:\WINDOWS\system32\bthprops.cpl]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 14:36]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 12:13]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 17:38]
"speedfan"="C:\Program Files\SpeedFan\speedfan.exe" [2007-02-28 20:28]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-06-28 23:43 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-03 09:04:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxurp]
byxxurp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^spotlessmind^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\spotlessmind\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
"C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusServiceProvider]
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray]
"C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
C:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c218c7d-e8db-11db-85f9-0018f3f5f629}]
\Shell\AutoRun\command - I:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d36fa23c-e5b0-11db-85e9-0018f3f5f629}]
\Shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebfa1222-e407-11db-85e1-0018f3f5f629}]
\Shell\AutoRun\command - F:\OblivionLauncher.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 18:16:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-09 18:16:58 - machine was rebooted . --- E O F --- ----------------------------------- ja tuore hjt-logi perään: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:21:00, on 9.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\SpeedFan\speedfan.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Trend Micro\HijackThis\spotless.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1F5F0160-20D8-4C4F-AF4C-02AD925015CD} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - 
{7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: {1e518c13-f413-1edb-eb64-3df8b69a64e9} - {9e46a96b-8fd3-46be-bde1-314f31c815e1} - C:\WINDOWS\system32\wteujwoi.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech SetPoint.lnk 
= C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.virustorjunta.net/modules/Online_Scanner/fscax.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: byxxurp - byxxurp.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 7139 bytes
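The HijackThis entries posted above are the kind of list a helper reads by eye for a handful of tell-tale patterns: references to files that no longer exist, BHOs with no readable vendor name, Run entries with meaningless names, Winlogon Notify packages, and libraries loaded from system32 that no known product accounts for. The script below is an added example, not part of this thread or of HijackThis, that applies those same triage heuristics to a constructed subset of the log lines above. The allowlist of known system32 libraries is an assumption built only from the vendor-signed entries visible in this log; in practice it would be far larger, and every hit is an indicator to verify, not a verdict.

```python
import re

# Constructed subset of HijackThis lines copied from the logs posted above.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F5F0160-20D8-4C4F-AF4C-02AD925015CD} - (no file)
O2 - BHO: {1e518c13-f413-1edb-eb64-3df8b69a64e9} - {9e46a96b-8fd3-46be-bde1-314f31c815e1} - C:\WINDOWS\system32\wteujwoi.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [18627723] rundll32.exe "C:\WINDOWS\system32\abhcadrh.dll",b
O20 - Winlogon Notify: byxxurp - byxxurp.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: an illustrative allowlist of system32 libraries that a known
# product in this log legitimately loads at startup (NVIDIA, Bluetooth stack).
KNOWN_SYSTEM32 = {"nvcpl.dll", "nvmctray.dll", "bthprops.cpl"}

ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}$"
)
# O2 lines: "O2 - BHO: <display name> - {CLSID} - <path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[^}]*\}) - (.*)$")
# O4 lines: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - .*?\[(.+?)\] (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: ")
# Any .dll/.cpl referenced directly under a system32 directory.
SYSTEM32_DLL_RE = re.compile(r"\\system32\\([A-Za-z0-9_~-]+\.(?:dll|cpl))", re.IGNORECASE)


def triage(log_text: str) -> dict[str, list[str]]:
    """Return {line: [reasons]} for each HijackThis line that trips a heuristic.

    Lines that trip nothing are omitted, so an empty dict means 'nothing to
    look at by these rules' (not 'clean').
    """
    findings: dict[str, list[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons: list[str] = []

        # 1. Registry still points at a file that is gone: leftover of a removed
        #    component, harmless by itself but worth fixing so the log stays readable.
        if ORPHAN_RE.search(line):
            reasons.append("orphaned entry: referenced file no longer exists")

        # 2. A BHO whose display name is missing or is itself a GUID has no
        #    vendor string to check against.
        m = O2_RE.match(line)
        if m and (m.group(1) == "(no name)" or GUID_RE.match(m.group(1))):
            reasons.append("BHO without a readable vendor name")

        # 3. Run values named with digits only carry no hint of what installed them.
        m = O4_RE.match(line)
        if m and m.group(1).isdigit():
            reasons.append("Run entry named with digits only")

        # 4. Winlogon Notify packages load into winlogon at logon; few
        #    consumer products register one, so each deserves a look.
        if O20_RE.match(line):
            reasons.append("Winlogon Notify package (persistence location to verify)")

        # 5. A library under system32 that no known product accounts for.
        for dll in SYSTEM32_DLL_RE.findall(line):
            if dll.lower() not in KNOWN_SYSTEM32:
                reasons.append(f"unlisted system32 library loaded at startup: {dll}")

        if reasons:
            findings[line] = reasons
    return findings


def report(findings: dict[str, list[str]]) -> str:
    """Render findings as plain text, one line per hit, for pasting into a reply."""
    out = []
    for line, reasons in findings.items():
        out.append(line)
        out.extend(f"    -> {r}" for r in reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample, the four entries a helper would circle (the orphaned BHO, the GUID-named BHO loading wteujwoi.dll, the numeric Run entry loading abhcadrh.dll, and the byxxurp Winlogon Notify package) are flagged, while the avast!, NVIDIA and Adobe lines pass untouched. Whether a flagged library is actually hostile still has to be established by other means (vendor signature, file age, hash lookup); the rules only decide what to look at first.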
Combo shows that there is still so much junk on your machine that it's pretty pointless to start cleaning it with these methods. So I'll ask you: do you have a Windows reinstall CD? Because if you have one, I really do recommend that you format and reinstall Windows. We can of course try to clean it by hand, but that needlessly raises my blood pressure and eats up valuable time. So think about a reinstall and get back to me!
I do have the XP and Vista Ultimate install discs... I guess I'll have to reformat Windows then, so there's no need to pester you any further. Luckily I do have that Vista on another hard drive, but I don't like it at all and in my opinion it's a completely crap OS compared to XP. But a BIG thanks to you anyway for trying to help me, and I'll now start rescuing stuff to my other drives. At least I've learned to set up a proper firewall right at reinstall time, instead of just hoping that Windows' own firewall works.
Thanks for understanding; these days you rarely get any understanding on your side in this job either, but we fixers are only human too. And one more thing: yes, the Windows firewall is pretty much rubbish, so I warmly recommend forgetting it and downloading something else in its place.
So I reinstalled Windows XP and briefly had to be online with the old version of Explorer (for as long as it took to fetch Firefox, avast! and the Sygate firewall). And I thought I'd now make sure whether some bug had already managed to latch on. Short HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:33, on 16.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 3670 bytes
According to the log it's clean, but if the worm of doubt has bitten, check it:

Save these instructions to a text file or print them, otherwise you won't be able to get at them from Safe Mode.

Download AVG Anti-Spyware 7.5 and save the program to your desktop.
* Once you have downloaded the program, double-click the installer's shortcut on your desktop and the installation starts.
* After installation the program must be started and its definitions updated.
* Start AVG Anti-Spyware.
* Click the "Update" icon in the main menu. Then click the "Update now" button.
* Then click the "Start Update" icon, and the update begins.
* Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
* When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
* Then under the "Reports" menu:
* Tick "Do not Automatically generate report"
* Untick "Only if threats were found"
* Then click the "Shield" icon at the top of the window
* "Resident shield is": change the state from active to inactive
* Close the program, do NOT scan yet.

Boot your computer into Safe Mode, Instructions!

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.

* Once in Safe Mode, start AVG Anti-Spyware.
* Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
* AVG now starts scanning the computer; be patient, as the scan takes time.

When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you have clicked "Apply all Actions"
* Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
* You will be asked what to do if infections were found; in that case choose "Apply all actions"
* Then click the "Reports" icon at the top of the program.
* Click the "Save report as" button in the bottom left of the window and save the report to the desktop.
* Close the program, boot the computer normally and post the AVG Anti-Spyware report in your thread.
I ran that AVG scan and it just gave a green light (scan completed, nothing found). Or something like that.. thanks to you once again..