Heips. Ongelmia poistaa Virtumonde koneelta. Ei lähe ainakaan spybot S&Dllä, taikka F-securella. :/ Kiitokset avusta~ Logi: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:58:28, on 5.10.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Wallpaper Master\Wallpaper.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network" O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WallpaperChanger] C:\Program Files\Wallpaper Master\Wallpaper.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://D:\components\A9.ocx O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://D:\components\wmvhdrating.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: hyyloh.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 8375 bytes
Lataa Malwarebytes' Anti-Malware työpöydällesi. * Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman. * Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish. * Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version. * Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan. * Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset. * Varmistu, että kaikki on merkitty ja klikkaa Remove Selected. * Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt * Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki. ------------------------------------------------------------------ 1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä: combofix.exe combofix.exe Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne: Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi edes .txt). Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa) Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen. Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne. Folder:: ----------------------------------------------------------------- Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa) Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked) O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O20 - AppInit_DLLs: hyyloh.dll Tyhjennä roskakori ja käynnistä koneesi uudelleen. Postita tänne seuraavat lokit: * Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta) * (C:\ComboFix.txt) raportti * Malwarebytes' Anti-Malware\Logs\log-päiväys.txt *
En nyt tähän mennessä tehnyt vielä muutakuin Malwarebytes' Anti-Malware vaiheen ja tässä siitä logi: Malwarebytes' Anti-Malware 1.28 Tietokantaversio: 1235 Windows 5.1.2600 Service Pack 2 7.10.2008 7:09:19 mbam-log-2008-10-07 (07-09-19).txt Tarkistustyyppi: Täysi tarkistus (C:\|) Tarkistetut kohteet: 227528 Kulunut aika: 2 hour(s), 12 minute(s), 25 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 7 Saastuneita rekisteriavaimia: 14 Saastuneita rekisteriarvoja: 5 Saastuneita rekisterikohteita: 2 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 46 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: C:\WINDOWS\system32\ddcCUkjh.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\gytbkwhf.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\hyyloh.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\fymmwk.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\cbXQklkL.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\gmroepng.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\uokfko.dll (Trojan.Vundo) -> Delete on reboot. Saastuneita rekisteriavaimia: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4def575c-ad09-4f00-a268-75bb5c71a8be} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{4def575c-ad09-4f00-a268-75bb5c71a8be} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d425b2-3452-427a-96be-b3cd66620205} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxqklkl (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{c2d425b2-3452-427a-96be-b3cd66620205} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{3a1e9e72-b765-47c9-bfc0-d31fcca2396f} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c06700fd-a404-43e4-af57-fa4a5286cc21} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9201be21-160e-489b-9c61-45e96899f49d} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Saastuneita rekisteriarvoja: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c2d425b2-3452-427a-96be-b3cd66620205} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb3489 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd6925 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga7607 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc87 (Trojan.Vundo.H) -> Quarantined and deleted successfully. Saastuneita rekisterikohteita: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddccukjh -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddccukjh -> Delete on reboot. Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: C:\WINDOWS\system32\ddcCUkjh.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\hjkUCcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hjkUCcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cbXQklkL.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\gytbkwhf.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\fhwkbtyg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hyyloh.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\fymmwk.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\gmroepng.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\uokfko.dll (Trojan.Vundo) -> Delete on reboot. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0065777.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0065787.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0065789.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0065790.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0065791.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067124.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067096.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067097.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067118.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067119.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067120.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067121.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067122.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067123.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067125.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067126.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067127.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067128.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067129.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067130.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067131.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067132.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067133.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{29F2C3C9-B712-4016-AAD0-5CC6A20389AF}\RP235\A0067134.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mmpxdnpe.0ll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wldkiwvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vjxcpt.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cuphuxld.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dwckwwuf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gogkok.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lojygurd.0ll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jcafhbok.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Matias\Local Settings\Temporary Internet Files\Content.IE5\0TQ7CPIZ\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Matias\Local Settings\Temporary Internet Files\Content.IE5\EF78FVEO\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM671d1646.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM671d1646.txt (Trojan.Vundo) -> Quarantined and deleted successfully. Kiitokset avusta tähän mennessä!
Oikein !!! MB-AM hoiti Combon osuudenkin. ****************************************** Käynnistä Malwarebytes Karanteeni välileti ja tyhjennä roskat. ********************************************************** Lataa Atribunen ATF Cleaner Ohjeet; Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All Klikkaa Empty Selected valintaa. Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All Klikkaa Empty Selected valintaa. HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy. Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All Klikkaa Empty Selected valintaa taas. HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy. Klikkaa Exit päävalikosta sulkeaksesi ohjelman. Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi) ---------------------------------------------- Skannaa koneesi Kaspersky Online Skannerilla * Lue läpi vaatimukset ja yksityisyyssäännökset ja klikkaa Accept. * Skannerin ja virustietokannan lataus alkaa. Sinulta kysytään sallitko Kasperskyltä tulevan ohjelman asentamisen. Klikkaa Aja/Run. * Kun lataus on valmis, klikkaa Settings. * Varmistu, että seuraavat kohdat on valittu. Jos ne eivät ole, valitse ne ja klikkaa Save: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Klikkaa Oma Tietokone, My Computer Scan-kohdan alapuolelta. * Kun tarkistus on valmis, tulokset näytetään. Klikkaa View Scan Report. * Näet listan saastuneista kohteista. Klikkaa Save Report As.... * Tallenna tiedosto työpöydällesi. Muuta Tiedostotyyppi/Files of type muotoon Tekstitiedosto/Text file(.txt) ennen kuin klikkaat Save. * Kopioi ja liitä tiedoston sisältö seuraavaan vastaukseesi uuden HijackThis-lokin kera .
