AfterDawn.com Mainosta sivuillamme
User Käyttäjä Salasana  
  Puuttuuko tunnus? Liity jäseneksi nyt!.
Salasana hukassa? Klikkaa tästä. 		 
  Etusivu   Uutiset   Oppaat   Ohjelmat   Sanasto   Laitevertailu   Profiilit   Keskustelu  
 Yksityisviestit     Luo uusi yksityisviesti     Kaikki uudet viestit     Ilman vastauksia olevat viestiketjut     Hae viestejä
sunnuntai 12.10.2008 / 06:07
Haku:        In English   Suomeksi   På svenska
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > löytyykö logista mitää?
Näytä aiheet
 
Keskustelualueet
Keskustelualueet
Löytyykö logista mitää?
  Siirry:
 
Kirjoittaja Viesti
pietijan
Newbie
_ 		5. heinäkuuta 2008 @ 21:29 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20: VIRUS ALERT!, on 5.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\rhcp2rj0e79p\rhcp2rj0e79p.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\pphct2rj0e79p.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: gxvpsafm - {B1E0C6DC-BBEA-4DE1-BFCA-70362CD86579} - C:\WINDOWS\gxvpsafm.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O5 "LPT1:" /M "Stylus C46"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series (Kopioi 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P34 "EPSON Stylus C46 Series (Kopioi 1)" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [SMrhcp2rj0e79p] C:\Program Files\rhcp2rj0e79p\rhcp2rj0e79p.exe
O4 - HKLM\..\Run: [b083b4b0] rundll32.exe "C:\WINDOWS\system32\foigitin.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB8_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.fi
O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web01.ifi.fi/Webupload/ActiveX/IfiUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1104943380433
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: iSecurity.cpl
O21 - SSODL: qegbdmwf - {EB4A0BC2-2914-4632-A2B0-74AC337F93A2} - C:\WINDOWS\qegbdmwf.dll
O21 - SSODL: pntqkflv - {E06CD8D8-B79D-4ECB-A98A-352C3869A66D} - C:\WINDOWS\pntqkflv.dll (file missing)
O21 - SSODL: SrvcVolume - {37cbee38-5dcf-4112-9153-9fece8182cdc} - C:\WINDOWS\Resources\SrvcVolume.dll
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - iSecurity.cpl (file missing)
O21 - SSODL: PreBootCheck - {aab24374-7a26-46fd-a75c-a9274862d3de} - C:\WINDOWS\Resources\AlrtDrv.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7125 bytes
[ + lainaa]
Hujo
AfterDawn Addict
_ 		5. heinäkuuta 2008 @ 21:37 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

===========

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

[ + lainaa]
Eihä kone voi edes toimia?
Vai miten se oli
pietijan
Newbie
_ 		5. heinäkuuta 2008 @ 22:51 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Malwarebytes' Anti-Malware 1.19
Tietokantaversio: 924
Windows 5.1.2600 Service Pack 2

22:46:21 5.7.2008
mbam-log-7-5-2008 (22-46-21).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|)
Tarkistetut kohteet: 94227
Kulunut aika: 39 minute(s), 17 second(s)

Saastuneita muistiprosesseja: 1
Saastuneita muistimoduuleja: 9
Saastuneita rekisteriavaimia: 34
Saastuneita rekisteriarvoja: 11
Saastuneita rekisterikohteita: 18
Saastuneita hakemistoja: 11
Saastuneita tiedostoja: 60

Saastuneita muistiprosesseja:
C:\WINDOWS\system32\pphct2rj0e79p.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Saastuneita muistimoduuleja:
C:\WINDOWS\system32\cBsqppqn.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\foigitin.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\cbXnonKe.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\rhcp2rj0e79p\rhcp2rj0e79pSkin.Dll (Rogue.AntivirusXP2008) -> Unloaded module successfully.
C:\WINDOWS\system32\931928\931928.dll (Trojan.BHO) -> Unloaded module successfully.
C:\WINDOWS\Resources\SrvcVolume.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\gxvpsafm.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\Resources\AlrtDrv.dll (Trojan.Clicker) -> Unloaded module successfully.
C:\WINDOWS\qegbdmwf.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dea9cfa3-df7b-47e7-bc0d-9c9e40ba0205} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dea9cfa3-df7b-47e7-bc0d-9c9e40ba0205} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e55e1c86-434d-46f9-a253-2de4ab3f9734} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e55e1c86-434d-46f9-a253-2de4ab3f9734} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxnonke (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f6d7a37-a3d1-47f1-920d-3f48370d509b} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f6d7a37-a3d1-47f1-920d-3f48370d509b} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{37cbee38-5dcf-4112-9153-9fece8182cdc} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\isecurity.mgr (Rouge.ISecurity) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\isecurity.mgr.1 (Rouge.ISecurity) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a8311e8f-e459-4d22-89b4-cb9dcf10a425} (Rouge.ISecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8311e8f-e459-4d22-89b4-cb9dcf10a425} (Rouge.ISecurity) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00a2fee3-a445-4e0e-b4fb-68403fcce8f4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{842374cd-527e-46cc-aaee-719585319301} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5d106d58-4634-46e9-a574-3af9daf7b5b7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{367c28cf-9525-4e86-8a55-c3c14e14cb8a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{14b8149c-a16b-429e-a48e-d00166b0b74b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b1e0c6dc-bbea-4de1-bfca-70362cd86579} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{aab24374-7a26-46fd-a75c-a9274862d3de} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\iSecurity (Rouge.ISecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb4a0bc2-2914-4632-a2b0-74ac337f93a2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gxvpsafm.bodb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gxvpsafm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.Fakealert) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b083b4b0 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e55e1c86-434d-46f9-a253-2de4ab3f9734} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SrvcVolume (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\iSecurity (Rouge.ISecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b1e0c6dc-bbea-4de1-bfca-70362cd86579} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PreBootCheck (Trojan.Clicker) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iSecurity applet (Rouge.ISecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antiviirus (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qegbdmwf (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pntqkflv (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbsqppqn -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbsqppqn -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55695-OEM-0011903-00117) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (H:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Saastuneita hakemistoja:
C:\Program Files\ISecurity (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\Antivirus XP 2008 (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\SystemDefender (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\v20 (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\{32FF2108-1EF0-4ae8-8C23-17C92EAA5DEF} (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\{A39F804A-4A63-4ff2-B201-23B0E2CC8474} (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\{AE997BF5-8AF9-43c3-946B-2C29553E5141} (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\Infected (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\Suspicious (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\931928 (Trojan.BHO) -> Delete on reboot.

Saastuneita tiedostoja:
C:\WINDOWS\system32\cBsqppqn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nqppqsBc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nqppqsBc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\foigitin.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nitigiof.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXnonKe.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\rhcp2rj0e79p\rhcp2rj0e79pSkin.Dll (Rogue.AntivirusXP2008) -> Delete on reboot.
C:\WINDOWS\system32\931928\931928.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\pphct2rj0e79p.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Resources\SrvcVolume.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\gxvpsafm.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Toni\Local Settings\Temp\dssec.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Toni\Local Settings\Temporary Internet Files\Content.IE5\HSI6KXG2\1214793684[1].dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Toni\Local Settings\Temporary Internet Files\Content.IE5\HSI6KXG2\1214793684[2].dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Toni\Local Settings\Temporary Internet Files\Content.IE5\HSI6KXG2\Antivirus2008PRO[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Toni\Local Settings\Temporary Internet Files\Content.IE5\HSI6KXG2\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Toni\Local Settings\Temporary Internet Files\Content.IE5\HSI6KXG2\kb456456[1] (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\iSecurity\{A39F804A-4A63-4ff2-B201-23B0E2CC8474}\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EE8DF87B-062F-430F-A052-91F824CC274C}\RP86\A0016788.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EE8DF87B-062F-430F-A052-91F824CC274C}\RP86\A0016795.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EE8DF87B-062F-430F-A052-91F824CC274C}\RP86\A0016813.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EE8DF87B-062F-430F-A052-91F824CC274C}\RP86\A0017815.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EE8DF87B-062F-430F-A052-91F824CC274C}\RP86\A0017831.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EE8DF87B-062F-430F-A052-91F824CC274C}\RP86\A0017836.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EE8DF87B-062F-430F-A052-91F824CC274C}\RP87\A0017867.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EE8DF87B-062F-430F-A052-91F824CC274C}\RP87\A0017884.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\koptyaua.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\shkleggx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vTLBUnom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\antivirusxp.bmp (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\antivirusxp.ico (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\antivirusxpi.bmp (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\iSecurity.dat (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\iSecurity.html (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\systemdefender.bmp (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\systemdefender.ico (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\systemdefenderi.bmp (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\Thumbs.db (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\Antivirus XP 2008\install.exe (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\ISecurity\{AE997BF5-8AF9-43c3-946B-2C29553E5141}\install.exe (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\vscan.tsi (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\zlib.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\Resources\AlrtDrv.dll (Trojan.Clicker) -> Delete on reboot.
C:\Program Files\antiviirus.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\tmp0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\tmp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\tmp2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\qegbdmwf.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Toni\Application Data\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Toni\Suosikit\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Toni\Suosikit\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Toni\Suosikit\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
[ + lainaa]
pietijan
Newbie
_ 		5. heinäkuuta 2008 @ 23:13 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
ComboFix 08-07-04.6 - Toni 2008-07-05 22:57:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.207 [GMT 3:00]
Running from: C:\Documents and Settings\Toni\Työpöytä\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\.protected
C:\Documents and Settings\Toni\Application Data\rhcp2rj0e79p
C:\Documents and Settings\Toni\Käynnistä-valikko\Ohjelmat\Antivirus 2008 PRO
C:\Documents and Settings\Toni\Käynnistä-valikko\Ohjelmat\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Documents and Settings\Toni\Käynnistä-valikko\Ohjelmat\Käynnistys\.protected
C:\Program Files\rhcp2rj0e79p
C:\WINDOWS\efbq.exe
C:\WINDOWS\gxvpsafm.dll
C:\WINDOWS\resources\AlrtDrv.dll
C:\WINDOWS\resources\SrvcVolume.dll
C:\WINDOWS\system32\931928
C:\WINDOWS\system32\931928\931928.dll
C:\WINDOWS\system32\auaytpok.ini
C:\WINDOWS\system32\cBsqppqn.dll
C:\WINDOWS\system32\cbXnonKe.dll
C:\WINDOWS\system32\config\systemprofile\Työpöytä\SystemDefender.lnk
C:\WINDOWS\system32\foigitin.dll
C:\WINDOWS\system32\kpfptxts.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nqppqsBc.ini
C:\WINDOWS\system32\nqppqsBc.ini2
C:\WINDOWS\system32\pphct2rj0e79p.exe
C:\WINDOWS\system32\xggelkhs.ini
C:\WINDOWS\system32\yramfvao.ini

.
((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-06-05 to 2008-07-05 )))))))))))))))))
.

2008-07-05 22:07 . 2008-07-05 22:45 88,576 --------- C:\WINDOWS\system32\koptyaua.dll
2008-07-05 21:52 . 2008-07-05 22:45 88,576 --------- C:\WINDOWS\system32\shkleggx.dll
2008-07-05 21:47 . 2008-07-05 21:47 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 21:47 . 2008-07-05 21:47 <KANSIO> d-------- C:\Documents and Settings\Toni\Application Data\Malwarebytes
2008-07-05 21:47 . 2008-07-05 21:47 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 21:47 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 21:47 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-05 21:19 . 2008-07-05 21:19 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-04 23:40 . 2008-07-04 23:40 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-07-04 23:40 . 2008-07-04 23:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 23:39 . 2008-07-04 23:39 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 22:29 . 2008-07-04 22:29 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-06-30 05:48 . 2008-07-05 22:45 94,208 --a------ C:\WINDOWS\system32\42.tmp
2008-06-30 05:43 . 2008-06-30 05:43 138,752 --a------ C:\tmp1660931.dll
2008-06-30 05:43 . 2008-06-30 05:43 0 --a------ C:\system.dbf
2008-06-11 23:06 . 2008-06-14 20:59 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 17:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 16:04 --------- d-----w C:\Program Files\Nvc
2008-05-30 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\NPF
2008-05-30 16:01 5 ----a-w C:\NPF_USER.DAT
2008-05-14 17:45 988 ----a-w C:\Documents and Settings\Toni\Application Data\wklnhst.dat
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-06 06:58 --------- d-----w C:\Documents and Settings\Toni\Application Data\MSN6
.

(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-09-02 14:44 249856]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 19:15 106496]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-11-11 12:37 32881]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-14 05:00 99840]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"EPSON Stylus C46 Series (Kopioi 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE" [2004-01-14 05:00 99840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SiSPower"="SiSPower.dll" [2004-09-02 14:47 49152 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-02-12 02:18]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-01-28 00:00]
R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 21:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{476fd160-0fc4-11dd-ae61-00030d1d557c}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{476fd163-0fc4-11dd-ae61-00030d1d557c}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c032160f-1ddd-11dd-ae6e-00030d1d557c}]
\Shell\AutoRun\command - E:\AutoRun.exe

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-SMrhcp2rj0e79p - C:\Program Files\rhcp2rj0e79p\rhcp2rj0e79p.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 23:03:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\sistray.exe
.
**************************************************************************
.
Completion time: 2008-07-05 23:08:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 20:07:58

Pre-Run: 16,446,038,016 tavua vapaana
Post-Run: 16,609,914,880 tavua vapaana

128 --- E O F --- 2008-06-22 08:00:46
[ + lainaa]
Mainos
_ 		__
 
_
Hujo
AfterDawn Addict
_ 		5. heinäkuuta 2008 @ 23:14 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
poista lisää poista sovellutuksesta

ISecurity
Antivirus 2008 PRO


Poista myös kansiot vikasiedossa

C:\Program Files\Antivirus 2008 PRO
C:\Program Files\ISecurity

===============

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.


[ + lainaa]
Eihä kone voi edes toimia?
Vai miten se oli
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > löytyykö logista mitää?
 

Multimedia: AfterDawn.com | AfterDawnin keskustelualueet
Uutiset: IT-alan uutiset | Uutisia puhelimista
Musiikkia: MP3Lizard.com
Tuotearviot: Laitevertailu | Vertaa puhelimia | Vertaa kännykkäliittymiä
Pelit: Pelitiedostot, pelidemot ja trailerit | Blasteroids.com (engl.)
Ohjelmat: download.fi | AfterDawnin ohjelma-alueet
International: AfterDawn in English | Software downloads | Free, legal MP3s | Gaming downloads | AfterDawn på svenska
RSS -syötteet: AfterDawnin uutiset | Uusimmat ohjelmapäivitykset | Keskustelualueiden viestit
Tietoja: Tietoa AfterDawn Oy:stä | Mainosta sivuillamme | Sivuston käyttöehdot ja tietoja yksityisyydensuojasta
Ota yhteyttä: Lähetä palautetta | Ota yhteyttä mainosmyyntiimme
 
  © 1999-2008 AfterDawn Oy