So I have just reinstalled WinXP, and I have two hard drives in the machine. One already had stuff on it; the other I formatted before installing Windows on it. Now a folder named windows (with a lowercase initial) has appeared on the first-mentioned drive, and next to it there is also who knows what junk, including the veracruz.exe from the title. Avast! detected a worm and who knows what else in it, and I already deleted it once, but it seems to have come back. The windows folder contains some mouse- and keyboard-related things that could not be deleted because they were in use. So Windows is not installed on this drive. A bug called Yazzle Sudoku also seemed to be involved... If anyone has run into this before, tips for taming it are welcome...
Post a HjT log; you can get the program here -> http://koti.mbnet.fi/pattaya1/HijackThis.exe . Save it to the folder c:\hjt, start it, click "do a system scan and save a logfile" and post the log here.
Logfile of HijackThis v1.99.1
Scan saved at 16:32:41, on 11.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Norman\Npf\BIN\NPFSVICE.EXE
E:\Norman\Bin\Zanda.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\update\wuauclt.exe
E:\WINDOWS\secure.exe
E:\Norman\Nvc\BIN\nipsvc.exe
E:\Norman\bin\NJEEVES.EXE
E:\Norman\Nvc\BIN\NVCSCHED.EXE
E:\Norman\Nvc\bin\nvcoas.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
C:\windows\mousepad10.exe
E:\Norman\bin\ZLH.EXE
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\WINDOWS\system32\mapiicon.exe
E:\Norman\Nvc\BIN\NIP.EXE
E:\Norman\Npf\BIN\npfmsg2.exe
E:\Norman\Nvc\bin\cclaw.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Erno\Työpöytä\HijackThis.exe
E:\WINDOWS\system32\wpabaln.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - E:\WINDOWS\DH.dll (file missing)
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft (R) Windows Security Service] E:\WINDOWS\secure.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname10.exe
O4 - HKLM\..\Run: [Windows Logon Application] E:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] E:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [Local Security Authority Service] E:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] E:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [Norman ZANDA] E:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ADSL Diagnostic Tools.LNK = E:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144513212953
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: policies - E:\WINDOWS\system32\nvl0293mg.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\S2FyamFsYWluZW4\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MicroSoft Media Tools - Unknown owner - E:\WINDOWS\MSmedia.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - E:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - E:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - E:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - E:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - E:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - E:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - E:\WINDOWS\update\wuauclt.exe
O23 - Service: Windows Security Service (WindowsSecurity) - Unknown owner - E:\WINDOWS\secure.exe

There are nasties in there.

Two antivirus programs, avast and Norman. Remove one of them.

Remove from the Control Panel (Add or Remove Programs), if present:
Network Monitor

Download and update ewido, DO NOT scan yet -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

Download Brute Force Uninstaller from here to your desktop: http://www.merijn.org/files/bfu.zip
- Right-click the BFU zip on your desktop and choose Extract All.
- Click "Next"
- In the box where you choose where to extract the files,
- Click "Browse"
- Click the + sign next to My Computer
- Click "Local Disk (C:)" or whichever your main drive is
- Click "Make New Folder"
- Type BFU
- Click "Next", do NOT tick the box "Show extracted files", and click "Finish".

Right-click here -> http://metallica.geekstogo.com/alcanshorty.bfu and choose "Save As" (in Explorer, "Save Target As") to download the Alcra PLUS Remover. Save it to the same folder you created earlier (c:\BFU). Do not do anything with it yet!

Boot your computer into Safe Mode by tapping the F8 key during startup.

Click Start > My Computer and navigate to the C:\BFU folder.
- Start Brute Force Uninstaller by double-clicking BFU.exe
- In the "Scriptline to execute" field, type or paste c:\bfu\alcanshorty.bfu
- Click Execute and let it do its job. (You should see a progress bar if you did this correctly.)
- Wait for the "Complete script execution" box and click OK.
- Click Exit to close Brute Force Uninstaller.

Fix with HjT (do a system scan only, tick these and press fix checked):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - E:\WINDOWS\DH.dll (file missing)
O4 - HKLM\..\Run: [Microsoft (R) Windows Security Service] E:\WINDOWS\secure.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname10.exe
O4 - HKLM\..\Run: [Windows Logon Application] E:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] E:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [Local Security Authority Service] E:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] E:\WINDOWS\System32\algs.exe
O20 - Winlogon Notify: policies - E:\WINDOWS\system32\nvl0293mg.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\S2FyamFsYWluZW4\command.exe (file missing)
O23 - Service: MicroSoft Media Tools - Unknown owner - E:\WINDOWS\MSmedia.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - E:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - E:\WINDOWS\update\wuauclt.exe
O23 - Service: Windows Security Service (WindowsSecurity) - Unknown owner - E:\WINDOWS\secure.exe

Then Start -> Run -> services.msc -> OK
Find in the list:
Command Service
MicroSoft Media Tools
Network Monitor
Windows Update Service
Windows Security Service
Double-click each of them, press Stop and set the startup type to Disabled.

Open HjT -> open misc tools -> delete nt service
Enter (one at a time):
cmdService
MicroSoft Media Tools
Network Monitor
UpdateSvc
WindowsSecurity
and click OK

Delete if found:
E:\WINDOWS\DH.dll
E:\WINDOWS\secure.exe
C:\windows\keyboard10.exe
C:\windows\mousepad10.exe
C:\windows\newname10.exe
E:\WINDOWS\System32\logon.exe
E:\WINDOWS\update
E:\WINDOWS\System32\lssas.exe
E:\WINDOWS\System32\algs.exe
E:\WINDOWS\S2FyamFsYWluZW4
E:\Program Files\Network Monitor
E:\WINDOWS\MSmedia.exe

Scan with ewido, let it remove whatever it finds and save the report.

Reboot normally, then post a fresh HijackThis log and the ewido report.

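
The pattern behind several entries in the fix list above, as an added example that is not part of the original thread and not the helper's own method: a Python triage pass over HijackThis O4/O23 lines that flags image names one edit away from a Windows system binary, system binary names outside their usual directory, and files in a "windows" folder that is not the running Windows directory. The KNOWN_SYSTEM table, the three heuristics and all function names are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re

# Where selected Windows XP binaries normally live, relative to the Windows
# directory. Reference list assumed for this example; extend it as needed.
KNOWN_SYSTEM = {
    "lsass.exe": "system32", "alg.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "svchost.exe": "system32",
    "wuauclt.exe": "system32", "ctfmon.exe": "system32",
}

# First drive-letter path in a log line, up to its .exe/.dll extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)

# Excerpt of the HijackThis log posted in this thread.
SAMPLE = r"""Running processes:
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\lsass.exe
C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Service] E:\WINDOWS\update\wuauclt.exe
O4 - HKLM\..\Run: [Local Security Authority Service] E:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] E:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O23 - Service: Windows Update Service (UpdateSvc) - Unknown owner - E:\WINDOWS\update\wuauclt.exe
"""


def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent swaps."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "lssas" <-> "lsass".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def windows_root(lines, default="c:\\windows"):
    """Infer the real Windows directory from the running winlogon.exe."""
    for line in lines:
        path = line.strip().lower()
        if path.endswith("\\system32\\winlogon.exe"):
            return ntpath.dirname(ntpath.dirname(path))
    return default  # assumption when the process list is missing


def triage(log_text):
    """Map each flagged O4/O23 image path to the reasons it was flagged."""
    lines = log_text.splitlines()
    root = windows_root(lines)
    findings = {}
    for line in lines:
        if not line.startswith(("O4 - ", "O23 - ")):
            continue
        match = PATH_RE.search(line)
        if not match:
            continue  # e.g. "[SoundMan] SOUNDMAN.EXE" gives no path to judge
        path = match.group(0).lower()
        name, folder = ntpath.basename(path), ntpath.dirname(path)
        reasons = findings.setdefault(path, set())
        if name in KNOWN_SYSTEM:
            # Real system name, but not where Windows keeps that file.
            if folder != ntpath.join(root, KNOWN_SYSTEM[name]):
                reasons.add("misplaced-system-binary")
        else:
            # Name that differs from a system binary by a single edit.
            for real in KNOWN_SYSTEM:
                if osa_distance(name, real) == 1:
                    reasons.add("lookalike-of:" + real)
        # A top-level "windows" folder that is not the running Windows root.
        parts = folder.split("\\")
        if len(parts) > 1 and parts[1] == "windows" and not folder.startswith(root):
            reasons.add("decoy-windows-dir")
    return {p: sorted(r) for p, r in findings.items() if r}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "->", ", ".join(reasons))
```

Entries from the same fix list such as E:\WINDOWS\secure.exe and E:\WINDOWS\System32\logon.exe pass all three checks, so a clean result from this pass does not clear a log.
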
I did those things, except that I haven't (yet) removed Norman, since that would take my only firewall with it (I don't know whether avast has one). Anyway, here are the reports:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 19:20:54, 11.4.2006
+ Report-Checksum: 3D99A90E

+ Scan result:

HKU\S-1-5-21-796845957-343818398-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
:mozilla.23:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.24:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.25:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.26:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.27:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.44:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.48:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.52:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.54:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.55:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.59:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.60:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.61:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.62:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.63:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.64:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.83:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.84:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.88:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.89:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.90:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.99:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.104:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.105:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.106:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.107:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.114:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.115:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.116:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.117:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.118:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.119:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.120:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.121:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.122:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.123:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.146:E:\Documents and Settings\Erno\Application Data\Mozilla\Firefox\Profiles\ed8xptwr.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
E:\Documents and Settings\Erno\Cookies\erno@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
E:\Documents and Settings\Erno\Cookies\erno@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
E:\Documents and Settings\Erno\Cookies\erno@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
E:\Documents and Settings\Erno\Cookies\erno@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
E:\Documents and Settings\Erno\Omat tiedostot\Erno-kansio\Jakoa\Peliä\zip\Tiberian Sun.zip/RAZOR.EXE -> Dropper.Small.ux : Error during cleaning
:mozilla.9:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.10:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.20:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.52:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.53:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.55:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.58:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.59:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.62:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.85:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.86:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.87:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.88:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.89:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.90:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.91:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.95:E:\Documents and Settings\Kyllikki\Application Data\Mozilla\Firefox\Profiles\gz576k1l.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
E:\Documents and Settings\Kyllikki\Cookies\kyllikki@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
E:\Documents and Settings\Kyllikki\Cookies\kyllikki@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.8:E:\Documents and Settings\Reino\Application Data\Mozilla\Firefox\Profiles\cr2mq7za.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.9:E:\Documents and Settings\Reino\Application Data\Mozilla\Firefox\Profiles\cr2mq7za.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.11:E:\Documents and Settings\Reino\Application Data\Mozilla\Firefox\Profiles\cr2mq7za.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.12:E:\Documents and Settings\Reino\Application Data\Mozilla\Firefox\Profiles\cr2mq7za.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
E:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
E:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
E:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
E:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned with backup
E:\Program Files\whInstall\webhdll.dll -> Adware.Webhancer : Cleaned with backup
E:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
E:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned with backup
E:\WINDOWS\system32\hqghumea.dll -> Backdoor.Small.jv : Cleaned with backup

::Report End

and the HijackThis report:

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\Norman\Npf\BIN\NPFSVICE.EXE
E:\Norman\Bin\Zanda.exe
E:\WINDOWS\System32\svchost.exe
E:\Norman\Nvc\BIN\NVCSCHED.EXE
E:\Norman\Nvc\bin\nvcoas.exe
E:\Norman\bin\NJEEVES.EXE
E:\Norman\Nvc\BIN\nipsvc.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Norman\bin\ZLH.EXE
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\WINDOWS\system32\mapiicon.exe
E:\Norman\Nvc\BIN\NIP.EXE
E:\Norman\Nvc\bin\cclaw.exe
E:\Norman\Npf\BIN\npfmsg2.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Documents and Settings\Erno\Työpöytä\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norman ZANDA] E:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ADSL Diagnostic Tools.LNK = E:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144513212953
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - E:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - E:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - E:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - E:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - E:\Norman\Nvc\BIN\NVCSCHED.EXE

I took a look at the C: drive and those things are still lying around there... maybe something went wrong somewhere(?)

The log is OK. Avast does not have a firewall, but at least turn off Norman's antivirus. Then delete the c:\windows folder, if there is one. In Safe Mode, if it won't go otherwise.
Not really any more; that junk could be deleted quite normally, but now an NPF_USER.dat file has appeared there again. Even though it does no real harm, it bugs me a lot that they never used to appear there before. Anyone?
Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm . Install it, update it and scan following the instructions on the page. Then post the "nasties results" here (the instructions are on that page: the bottom image and the text above it).
File E:\WINDOWS\system32\dmbkvg.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\eyfijvve.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\fkapz.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\fshbp.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\gsnv.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\hwbhbph.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\nuiqk.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\oaeamtv.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\ovyid.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\pekvvh.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\pirt.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\rpntogz.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\rtldgn.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\wyespr.exe infected by "Trojan-Downloader.Win32.Adload.aj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP13\A0016235.exe infected by "Trojan-Downloader.Win32.Adload.am" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP13\A0016236.exe infected by "Trojan-Downloader.Win32.VB.aaf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP13\A0016237.exe infected by "Trojan-Clicker.Win32.VB.ly" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP13\A0016238.exe infected by "Trojan-Downloader.Win32.VB.aaf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP13\A0016239.exe infected by "Trojan-Downloader.Win32.Adload.ae" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP13\A0016240.exe infected by "Trojan-Downloader.Win32.VB.aaf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP13\A0016241.exe infected by "Trojan-Downloader.Win32.Adload.an" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP13\A0016243.exe infected by "Trojan-Clicker.Win32.Small.jf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP2\A0003057.exe infected by "Trojan-Downloader.Win32.VB.aad" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP3\A0004057.exe infected by "Trojan-Downloader.Win32.VB.aad" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP4\A0005065.exe infected by "Trojan-Downloader.Win32.VB.aad" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP4\A0005071.exe infected by "Trojan-Downloader.Win32.VB.aad" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP4\A0006076.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP4\A0006081.exe infected by "Trojan-Downloader.Win32.VB.aad" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP5\A0007075.exe infected by "Trojan-Downloader.Win32.VB.aad" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP5\A0008072.exe infected by "Trojan-Downloader.Win32.VB.aad" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP5\A0010077.exe infected by "Trojan-Downloader.Win32.VB.aad" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP6\A0011073.exe infected by "Trojan-Downloader.Win32.VB.aad" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP6\A0011080.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP6\A0011082.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP6\A0011099.exe infected by "Trojan-Downloader.Win32.VB.aad" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP8\A0014631.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP8\A0014632.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP8\A0014647.exe infected by "Trojan-Proxy.Win32.Ranky.ey" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP8\A0014649.exe infected by "Trojan-Downloader.Win32.VB.aad" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3542386B-3E62-44E8-BD46-F779B6DC4A66}\RP8\A0014657.exe infected by "Trojan-Downloader.Win32.VB.aaf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{DEB05840-6144-4D96-926A-347F348F3189}\RP1\A0000031.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File E:\Documents and Settings\Erno\Local Settings\Temporary Internet Files\Content.IE5\O5IVOTY3\drsmartload[1].exe infected by "Trojan-Downloader.Win32.VB.aad" Virus. Action Taken: File Deleted.
File E:\Documents and Settings\Kyllikki\Local Settings\Temporary Internet Files\Content.IE5\8TEZ0TUF\drsmartload45a[1].exe infected by "Trojan-Downloader.Win32.Adload.an" Virus. Action Taken: File Deleted.
File E:\Documents and Settings\Kyllikki\Local Settings\Temporary Internet Files\Content.IE5\8TEZ0TUF\keyboard9[1].exe infected by "Trojan-Downloader.Win32.VB.aaf" Virus. Action Taken: File Deleted.
File E:\Documents and Settings\Kyllikki\Local Settings\Temporary Internet Files\Content.IE5\8TEZ0TUF\mousepad10[1].exe infected by "Trojan-Clicker.Win32.VB.ly" Virus. Action Taken: File Deleted.
File E:\Documents and Settings\Kyllikki\Local Settings\Temporary Internet Files\Content.IE5\8XUNGT27\sk02[1].exe infected by "Trojan-Clicker.Win32.Small.jf" Virus. Action Taken: File Deleted.
File E:\Documents and Settings\Kyllikki\Local Settings\Temporary Internet Files\Content.IE5\GHUB4123\keyboard10[1].exe infected by "Trojan-Downloader.Win32.Adload.am" Virus. Action Taken: File Deleted.
File E:\Documents and Settings\Kyllikki\Local Settings\Temporary Internet Files\Content.IE5\SHU7WXAZ\newname10[1].exe infected by "Trojan-Downloader.Win32.Adload.ae" Virus. Action Taken: File Deleted.
Traces of "Parite.b" found and cleaned !!! Where do these keep spawning from?
They come from the net, of course, and even more so when you use IE rather than, say, Firefox. So I recommend Firefox/Opera in place of IE.

There are nasties in System Restore, so it needs to be cleaned out. Note that this wipes all earlier restore points!

1. Select My Computer (right-click).
2. Select Properties.
3. Select the System Restore tab.
4. Select "Turn off System Restore".
5. Press Apply.
6. Press OK.
7. Restart the computer.
8. Repeat steps 1-3.
9. Clear the checkbox next to "Turn off System Restore".
10. Repeat steps 5 and 6.

Still having problems?
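Added example, not part of the original thread: a small triage script for run-together scanner output of the kind pasted above. It groups detections by location, lists the drives whose System Restore store holds detections, and lists files the scanner left on disk. The sample entries, the placeholder GUID and the names `triage` and `location` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample entries in the pasted log's format (paths and names are made up).
GUID = "{00000000-0000-0000-0000-000000000000}"
SAMPLE_LOG = (
    r'File E:\WINDOWS\system32\sample1.exe infected by "Trojan-Downloader.Win32.Sample.a" Virus. Action Taken: File Deleted. '
    r'File C:\System Volume Information\_restore' + GUID + r'\RP1\A0000001.exe infected by "Trojan-Downloader.Win32.Sample.b" Virus. Action Taken: File Deleted. '
    r'File C:\System Volume Information\_restore' + GUID + r'\RP2\A0000002.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed. '
    r'File E:\System Volume Information\_restore' + GUID + r'\RP1\A0000003.dll tagged as not-a-virus:AdWare.Win32.Sample. No Action Taken. '
    r'File E:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\sample[1].exe infected by "Trojan-Clicker.Win32.Sample.c" Virus. Action Taken: File Deleted. '
)

# One entry: path, then either an "infected by" or a "tagged as" verdict, then the action.
ENTRY = re.compile(
    r'File (?P<path>.+?) '
    r'(?:infected by "(?P<virus>[^"]+)" Virus\.|tagged as (?P<tag>\S+)\.)'
    r'\s+(?:Action Taken: (?P<action>[^.]+)\.|No Action Taken\.)'
)

def location(path):
    """Classify a detection by where the file lives."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"   # copy kept inside a restore point
    if "\\temporary internet files\\" in p:
        return "browser_cache"    # downloaded through the browser
    return "other"

def triage(log_text):
    by_location = Counter()
    restore_drives = set()
    still_on_disk = []
    for m in ENTRY.finditer(log_text):
        path = m.group("path")
        loc = location(path)
        by_location[loc] += 1
        if loc == "system_restore":
            restore_drives.add(path[0].upper())
        action = m.group("action") or "No Action Taken"
        if action != "File Deleted":  # renamed or untouched files remain on disk
            still_on_disk.append((path, m.group("virus") or m.group("tag"), action))
    return {"by_location": dict(by_location),
            "restore_drives": sorted(restore_drives),
            "still_on_disk": still_on_disk}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Every drive listed under `restore_drives` has restore-point copies that a cleanup of the live file system does not touch, which is why the restore store is purged in the steps above.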