hjt-logi

kone oudosti kaatuilee aivan sattuman varaisesti oisko pöpö vai oisko joku muu???







Logfile of HijackThis v1.99.1
Scan saved at 17:46:48, on 20.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hijackthis\HijackThis.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Need for Speed Carbon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?0163a5aa79f44af4b52585276bd81f58
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?0163a5aa79f44af4b52585276bd81f58
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130423661078
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3DF01E7-B0DE-473A-9B03-19E4745383A3}: NameServer = 212.50.211.242 212.50.192.226
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

Nuo fixiin:

O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Need for Speed Carbon

Käynnistä uudelleen.

Poista jos löytyy:

C:\Program Files\Starware316\

Tyhjennä roskis

Hae eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm .
Asenna, päivitä, skannaa sivulla olevien ohjeiden mukaan. Lähetä sitten "örkkitulokset" tänne (ohje tuolla sivulla, alin kuva ja sen yläpuolella oleva teksti).

Lähetä myös uusi HjT-loki.

 

Poista lisää poista sovelutuksesta

Starware316
Toolbar: Starware316

scannaa merkkaa paina Fix checked

O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)


Käynnistä > suorita kirjoita alla olevat ja rivin jälkeen paina ok

sc stop MsaSvc
sc delete MsaSvc

Mene vikasietotilaan

Poista kansio

C:\Program Files\--> Starware316 <--

Lähetä:
Uusi Hjt-loki

 

File C:\WINDOWS\DR.0XE infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\WINDOWS\USER32.0XE infected by "Trojan-Downloader.Win32.Harnig.cu" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\oma nimi\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\
oma nimi\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Kaspersky\Need for Speed Carbon crack.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\Kaspersky\NOCD Need for Speed Carbon crack.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\Kaspersky\Win.All Need for Speed Carbon crack.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Adoative\ACE.0LL infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\Program Files\Adoative\ERSBOARD.0XE infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\Program Files\Adoative\MSDOWDEB.0XE infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\Program Files\DR.0XE infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\Program Files\FinnishIRC XP\FIRC.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken.
File C:\Program Files\serial.dat infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\Program Files\serial.zip infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\Program Files\USER32.0XE infected by "Trojan-Downloader.Win32.Harnig.cu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP500\A0193511.exe tagged as not-a-virus:AdWare.Win32.Comet.ac. No Action Taken.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP528\A0206606.dll tagged as not-a-virus:AdWare.Win32.Comet.ac. No Action Taken.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP586\A0225180.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP586\A0225181.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP586\A0225182.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP586\A0225183.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP586\A0225184.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP592\A0227147.exe infected by "Trojan-Dropper.Win32.Binder.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP593\A0227242.exe infected by "Trojan-Dropper.Win32.Binder.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP593\A0228086.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP593\A0228087.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP593\A0228088.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP593\A0228089.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP593\A0228090.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP593\A0228091.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP593\A0228092.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234562.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234563.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234564.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234565.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234566.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234567.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234568.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234572.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234573.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234574.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234575.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234576.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234583.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234584.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234585.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234586.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234587.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP617\A0235363.exe infected by "Trojan-Downloader.Win32.Harnig.cu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP617\A0235364.exe infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP617\A0235367.exe infected by "Trojan-Downloader.Win32.Harnig.cu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP617\A0235368.exe infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP618\A0235925.exe infected by "Trojan-Downloader.Win32.Harnig.cu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP618\A0235926.exe infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP618\A0235929.exe infected by "Trojan-Downloader.Win32.Harnig.cu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP618\A0235930.exe infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP619\A0236487.exe infected by "Trojan-Downloader.Win32.Harnig.cu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP619\A0236488.exe infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP619\A0236491.exe infected by "Trojan-Downloader.Win32.Harnig.cu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP619\A0236492.exe infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP620\A0237047.exe infected by "Trojan-Downloader.Win32.Harnig.cu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP620\A0237048.exe infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP620\A0237051.exe infected by "Trojan-Downloader.Win32.Harnig.cu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP620\A0237052.exe infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP620\A0237645.exe infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP620\A0237646.exe infected by "Trojan-Downloader.Win32.Harnig.cu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP620\A0237647.exe infected by "Trojan-Downloader.Win32.Adload.hw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP620\A0237648.exe infected by "Trojan-Downloader.Win32.Harnig.cu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP620\A0237650.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP620\A0237651.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP620\A0237652.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP662\A0266448.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP662\A0266449.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP662\A0266450.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP586\A0225185.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP613\A0234579.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{6D2ABB85-4FB5-48DB-8F90-96B7D738810C}\RP616\A0234799.exe infected by "Trojan-Dropper.Win32.Peerad.a" Virus. Action Taken: File Deleted.



Örkki luettelo

 

Tee myös nuo hujo:n ehdotukset, jäi service näkemättä :/

Ja aja tämä varoiksi:

imuroi aproposfix:

http://swandog46.geekstogo.com/aproposfix.exe

tallenna työpöydälle. älä aja sitä vielä

buuttaa vikasietotilaan:
http://support.microsoft.com/default.aspx?kbid=315222

vikasiedossa tuplaklikkaa aproposfix.exe ja pura se työpöydälle omaan kansioonsa

sitte eti kansiosta runthis.bat, seuraa näyttöä ja vastaa kysymyksiin

kun se on valmis buuttaa takas normaalitilaan, skannaa uudestaan hijackthisillä, laita loki tänne
laita myös tuosta aproposfix kansiosta sen loki log.txt

 

Tuossa muutama tarvii tehä tämä

• 1. Klikkaa oikealla käynnistävalikon My Computer- tai oma tietokone-kuvaketta
• 2. Valitse Properties/ominaisuudet
• 3. Valitse System Restore/järjestelmän palauttaminen välilehti
• 4. Valitse "Turn off System Restore"/poista järjestelmän palauttaminen kaikissa asemissa
• 5. Paina Apply/käytä
• 6. Paina OK
• 7. Käynnistä kone uudelleen
¤ ota Ruksi pois, poista järjestelmän palauttaminen kaikissa asemissa

 

vika äityi niin pahaksi etten pystynyt suorittamaan noita toimenpiteitä koneen sammuilun takia joten pistin kovat piippuun ja format c: ja winukka uusix.. tuleepahan ainaki kuntoon...kiitti kuitenki