(Jatkoa RUNDLL virhe) Vundofix, SDFix sekä HijackThis uudet lokit

DFix: Version 1.107

Run by Tonttu on su 30.09.2007 at 22:22

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Tonttu\Desktop\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\GPIOUVY.EXE - Deleted
C:\WINDOWS\SYSTEM32\WUPDATE.EXE - Deleted
C:\WINDOWS\SYSTEM32\GPIOUVY.EXE - Deleted
C:\WINDOWS\SYSTEM32\WUPDATE.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSINFO.EXE - Deleted
C:\a.bat - Deleted
C:\WINDOWS\system32\o - Deleted
C:\WINDOWS\system32\sysinfo.exe - Deleted
C:\WINDOWS\system32\wupdate.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"h"="h:*:Enabled:Microsoft Windows Update"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
@=":*:Enabled:Microsoft Windows Update"
"C:\\WINDOWS\\system32\\iwprycww.exe"="C:\\WINDOWS\\system32\\iwp"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Tonttu\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 29 Sep 2007 38,649 ..SHR --- "C:\WINDOWS\system\NOTEPAD.exe"

Finished!





VundoFix V6.5.9

Checking Java version...

Sun Java not detected
Scan started at 22:01:47 30.9.2007

Listing files found while scanning....

C:\WINDOWS\system32\eqxnaihy.dll
C:\WINDOWS\system32\huthnrnj.dll
C:\windows\system32\opqss.bak1
C:\windows\system32\opqss.bak2
C:\windows\system32\opqss.ini
C:\windows\system32\ssqpo.dll
C:\WINDOWS\system32\yhianxqe.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\eqxnaihy.dll
C:\WINDOWS\system32\eqxnaihy.dll Could not be deleted.

Attempting to delete C:\windows\system32\opqss.bak1
C:\windows\system32\opqss.bak1 Has been deleted!

Attempting to delete C:\windows\system32\opqss.bak2
C:\windows\system32\opqss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\opqss.ini
C:\windows\system32\opqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqpo.dll
C:\windows\system32\ssqpo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yhianxqe.ini
C:\WINDOWS\system32\yhianxqe.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\eqxnaihy.dll
C:\WINDOWS\system32\eqxnaihy.dll Has been deleted!

Attempting to delete C:\windows\system32\opqss.ini
C:\windows\system32\opqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqpo.dll
C:\windows\system32\ssqpo.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...



C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system\NOTEPAD.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\hjt\Skanneri.exe

O2 - BHO: (no name) - {021802BB-BED0-43A2-9ABF-AF37A7EE489A} - C:\WINDOWS\System32\ssqpo.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: byxuuss - C:\WINDOWS\SYSTEM32\byxuuss.dll
O20 - Winlogon Notify: ddcdedc - C:\WINDOWS\SYSTEM32\ddcdedc.dll
O20 - Winlogon Notify: fccawtr - C:\WINDOWS\SYSTEM32\fccawtr.dll
O20 - Winlogon Notify: fccaxuv - C:\WINDOWS\SYSTEM32\fccaxuv.dll
O20 - Winlogon Notify: gebbccy - C:\WINDOWS\SYSTEM32\gebbccy.dll
O20 - Winlogon Notify: gebcaxx - C:\WINDOWS\SYSTEM32\gebcaxx.dll
O20 - Winlogon Notify: jkkjifd - C:\WINDOWS\SYSTEM32\jkkjifd.dll
O20 - Winlogon Notify: mljkllk - C:\WINDOWS\SYSTEM32\mljkllk.dll
O20 - Winlogon Notify: mljklll - C:\WINDOWS\SYSTEM32\mljklll.dll
O20 - Winlogon Notify: rqrponl - C:\WINDOWS\SYSTEM32\rqrponl.dll
O20 - Winlogon Notify: rqrqnmm - C:\WINDOWS\SYSTEM32\rqrqnmm.dll
O20 - Winlogon Notify: tuvsttu - C:\WINDOWS\SYSTEM32\tuvsttu.dll
O20 - Winlogon Notify: urqqqqo - C:\WINDOWS\SYSTEM32\urqqqqo.dll
O20 - Winlogon Notify: xxyaxyw - C:\WINDOWS\SYSTEM32\xxyaxyw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4185 bytes

 

Lataa Dr.Web CureIt työpöydälle:

[*]Tuplaklikkaa drweb-cureit.exe ja anna sen tehdä express scan
[*]Se skannaa käynnissä olevat ohjelmat ja jos jotain löytyy, klikkaa yes kun se kysyy haluatko poistaa sen. Tämä on vain lyhyt scan.
[*]Kun scan on valmis, Klikkaa Custom scan merkkaa asemat, jotka haluat scannata.
[*]Valitse kaikki asemat. Punainen piste osoittaa, mitkä asemat on valittu.
[*]Klikaa vihreää nuolta oikealla ja scan alkaa.
[*]Klikkaa Yes to all, jos kysytään haluatko poistaa/siirtää tiedoston.
[*]Kun scannaus on valmis
[*]Klikaa Select all ja Klikkaa Delete
[*]Klikaa File, save report list
[*]Tallenna työpödälle ja kopio lista tänne

===================

Lataa SmitfraudFix (c) S!Ri
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.

Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.


==================

scannaa hjt:llä merkkaa paina Fix checked

O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe

sitten

Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun
Varmista että tiedoston tyyppi on ”all Files” ja tallenna se Poisto.bat. nimisenä
työpöydällesi.

@echo off
sc stop NOTEPAD
sc delete NOTEPAD

Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia.

==================

Haje koneelle palomuuri softa tuolta
Linkki

=================

scannaa uusi hjt:n loki ja laita se kokonaisena

 

ei ollut tuota O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe

jatkanko ohjeen mukaan?

 

jatka vain mutta jätä tämä tekemättä

scannaa hjt:llä merkkaa paina Fix checked

O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe

sitten

Kopioi / liitä seuraava teksti alapuolella tyhjään muistioFiluun
Varmista että tiedoston tyyppi on ”all Files” ja tallenna se Poisto.bat. nimisenä
työpöydällesi.

@echo off
sc stop NOTEPAD
sc delete NOTEPAD

Tupla-klikkaa Poisto.bat. filua työpöydälläsi , ikkuna avautuu ja Sulkeutuu tämä on normaalia.

Kun olet muut tehnyt
scannaa sen jälkeen aivan uusi hjt:n loki

 

Tässäpä tämä HJT loki:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:29, on 1.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\Skanneri.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BD7A672-24CF-449E-92D1-DC9D5072759B} - C:\WINDOWS\System32\ssqpo.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\xdwundri.dll",sitypnow
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: byxuuss - C:\WINDOWS\SYSTEM32\byxuuss.dll
O20 - Winlogon Notify: ddcdedc - C:\WINDOWS\SYSTEM32\ddcdedc.dll
O20 - Winlogon Notify: fccawtr - C:\WINDOWS\SYSTEM32\fccawtr.dll
O20 - Winlogon Notify: fccaxuv - C:\WINDOWS\SYSTEM32\fccaxuv.dll
O20 - Winlogon Notify: gebbccy - C:\WINDOWS\SYSTEM32\gebbccy.dll
O20 - Winlogon Notify: gebcaxx - C:\WINDOWS\SYSTEM32\gebcaxx.dll
O20 - Winlogon Notify: gebxvsq - C:\WINDOWS\SYSTEM32\gebxvsq.dll
O20 - Winlogon Notify: jkkjifd - C:\WINDOWS\SYSTEM32\jkkjifd.dll
O20 - Winlogon Notify: mljkllk - C:\WINDOWS\SYSTEM32\mljkllk.dll
O20 - Winlogon Notify: mljklll - C:\WINDOWS\SYSTEM32\mljklll.dll
O20 - Winlogon Notify: rqrponl - C:\WINDOWS\SYSTEM32\rqrponl.dll
O20 - Winlogon Notify: rqrqnmm - C:\WINDOWS\SYSTEM32\rqrqnmm.dll
O20 - Winlogon Notify: ssqommm - C:\WINDOWS\SYSTEM32\ssqommm.dll
O20 - Winlogon Notify: tuvsttu - C:\WINDOWS\SYSTEM32\tuvsttu.dll
O20 - Winlogon Notify: urqqqqo - C:\WINDOWS\SYSTEM32\urqqqqo.dll
O20 - Winlogon Notify: xxyaxyw - C:\WINDOWS\SYSTEM32\xxyaxyw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 4503 bytes



DrWeb loki:

notepad.exe;c:\windows\system;BackDoor.IRC.Sdbot.1964;Deleted.;
HPFix.reg;C:\Documents and Settings\Tonttu\Desktop\SDFix\apps;Trojan.StartPage.1505;Deleted.;
HPFix2.reg;C:\Documents and Settings\Tonttu\Desktop\SDFix\apps;Trojan.StartPage.1505;Deleted.;
Process.exe;C:\Documents and Settings\Tonttu\Desktop\SDFix\apps;Tool.Prockill;Deleted.;
valera[1];C:\Documents and Settings\Tonttu\Local Settings\Temporary Internet Files\Content.IE5\6ERDJFYE;Trojan.EzulaAd;Deleted.;
jaun_20070726[1];C:\Documents and Settings\Tonttu\Local Settings\Temporary Internet Files\Content.IE5\W07NL1HC;Trojan.Virtumod;Deleted.;
A0005485.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP120;Trojan.AVKill.305;Deleted.;
A0005566.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP120;Trojan.AVKill.305;Deleted.;
A0005586.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP120;Trojan.AVKill.305;Deleted.;
A0006582.dll;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP121;Trojan.Virtumod;Deleted.;
A0007150.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP121;Trojan.AVKill.305;Deleted.;
A0007171.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP121;Trojan.AVKill.305;Deleted.;
A0007184.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP121;Trojan.AVKill.305;Deleted.;
A0007199.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP121;Trojan.AVKill.305;Deleted.;
A0008202.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Trojan.AVKill.305;Deleted.;
A0008215.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Trojan.AVKill.305;Deleted.;
A0008238.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Trojan.AVKill.305;Deleted.;
A0008246.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Trojan.AVKill.305;Deleted.;
A0008255.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Trojan.AVKill.305;Deleted.;
A0008261.exe;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Win32.HLLW.MyBot;Deleted.;
A0008262.exe;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Win32.HLLW.MyBot;Deleted.;
A0008264.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Trojan.AVKill.305;Deleted.;
A0008272.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Trojan.AVKill.305;Deleted.;
A0008273.exe;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Win32.HLLW.MyBot;Deleted.;
A0008276.exe;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Win32.HLLW.MyBot;Deleted.;
A0008365.exe;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;BackDoor.IRC.Sdbot.1964;Deleted.;
A0008366.reg;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Trojan.StartPage.1505;Deleted.;
A0008367.reg;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP122;Trojan.StartPage.1505;Deleted.;
A0000289.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP3;Trojan.AVKill.305;Deleted.;
A0000499.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP3;Trojan.AVKill.305;Deleted.;
A0001384.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP60;Trojan.AVKill.305;Deleted.;
A0000573.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP7;Trojan.AVKill.305;Deleted.;
A0000596.exe;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP7;Win32.HLLW.MyBot;Deleted.;
A0000601.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP7;Trojan.AVKill.305;Deleted.;
A0001557.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP71;Trojan.AVKill.305;Deleted.;
A0001585.bat;C:\System Volume Information\_restore{3ED5C5B3-E24F-4E67-A6FF-A561C91E9DED}\RP71;Trojan.AVKill.305;Deleted.;
iwprycww.exe;C:\WINDOWS\system32;Trojan.EzulaAd;Deleted.;


Ja SmitFraudFix loki:

SmitFraudFix v2.234

Scan done at 14:16:38,18, ma 01.10.2007
Run from C:\Documents and Settings\Tonttu\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

Nyt ei enään ainakaan ole tullut sitä RUNDLL virhettä.

 

1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla
2. Valitse ominaisuudet
3. Valitse järjestelmän palauttaminen välilehti
4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa
5. Paina Käytä
6. Paina ok
7. Sammuta ja käynnistä
8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa
9. Käytä ja OK

==========

mites kone toimii?

 

Hyvinhän tämä nyt toimii. Ei tule mitään virheilmoituksia käynnistäessä. Eikä kone pyöri mitenkään kovin hitaasti. Ainoa asia mikä ihmetyttää on se ettei windowsin päivitykset millään pysy päällä. Aina kun koneen käynnistää uudestaan ne ovat menneet pois päältä

 

laitas hjt:n loki

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:33, on 1.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\Skanneri.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CCEFD3A9-47D0-4E4C-B777-7C1DDB6C9281} - C:\WINDOWS\System32\ssqpo.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\xdwundri.dll",sitypnow
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: byxuuss - C:\WINDOWS\SYSTEM32\byxuuss.dll
O20 - Winlogon Notify: ddcdedc - C:\WINDOWS\SYSTEM32\ddcdedc.dll
O20 - Winlogon Notify: fccawtr - C:\WINDOWS\SYSTEM32\fccawtr.dll
O20 - Winlogon Notify: fccaxuv - C:\WINDOWS\SYSTEM32\fccaxuv.dll
O20 - Winlogon Notify: gebbccy - C:\WINDOWS\SYSTEM32\gebbccy.dll
O20 - Winlogon Notify: gebcaxx - C:\WINDOWS\SYSTEM32\gebcaxx.dll
O20 - Winlogon Notify: gebxvsq - C:\WINDOWS\SYSTEM32\gebxvsq.dll
O20 - Winlogon Notify: jkkjifd - C:\WINDOWS\SYSTEM32\jkkjifd.dll
O20 - Winlogon Notify: mljkllk - C:\WINDOWS\SYSTEM32\mljkllk.dll
O20 - Winlogon Notify: mljklll - C:\WINDOWS\SYSTEM32\mljklll.dll
O20 - Winlogon Notify: rqrponl - C:\WINDOWS\SYSTEM32\rqrponl.dll
O20 - Winlogon Notify: rqrqnmm - C:\WINDOWS\SYSTEM32\rqrqnmm.dll
O20 - Winlogon Notify: ssqommm - C:\WINDOWS\SYSTEM32\ssqommm.dll
O20 - Winlogon Notify: tuvsttu - C:\WINDOWS\SYSTEM32\tuvsttu.dll
O20 - Winlogon Notify: urqqqqo - C:\WINDOWS\SYSTEM32\urqqqqo.dll
O20 - Winlogon Notify: xxyaxyw - C:\WINDOWS\SYSTEM32\xxyaxyw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 4528 bytes

 

[*]Tupla-klikkaa VundoFix.exe ajaaksesi sen.
[*]Klikkaa Scan for Vundo valintaa.
[*]Kun skannaus on valmis, oikea-klikkaa kyseisen listaboksin sisällä (valkoinen laatikko jossa on löydetyt tiedostot listattu) ja valitse Add more files
[*]Kopioi ja liitä seuraavat 6 riviä kuuteen ylimmäiseen boksiin

C:\WINDOWS\SYSTEM32\byxuuss.dll
C:\WINDOWS\SYSTEM32\ddcdedc.dll
C:\WINDOWS\SYSTEM32\fccawtr.dll
C:\WINDOWS\SYSTEM32\fccaxuv.dll
C:\WINDOWS\SYSTEM32\gebbccy.dll
C:\WINDOWS\SYSTEM32\gebcaxx.dll

[*]Klikkaa Add Files ja sitten klikkaa Close Window.
[*]Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
[*]Sinulta kysytään haluatko poistaa filut - klikkaa YES.
[*]Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
[*]Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
[*]Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

 

VundoFix V6.5.9

Checking Java version...

Sun Java not detected
Scan started at 21:57:18 1.10.2007

Listing files found while scanning....

C:\windows\system32\opqss.bak2
C:\windows\system32\opqss.ini
C:\windows\system32\ssqpo.dll
C:\WINDOWS\system32\xdwundri.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\byxuuss.dll
C:\WINDOWS\SYSTEM32\byxuuss.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ddcdedc.dll
C:\WINDOWS\SYSTEM32\ddcdedc.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fccawtr.dll
C:\WINDOWS\SYSTEM32\fccawtr.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fccaxuv.dll
C:\WINDOWS\SYSTEM32\fccaxuv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\gebbccy.dll
C:\WINDOWS\SYSTEM32\gebbccy.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\gebcaxx.dll
C:\WINDOWS\SYSTEM32\gebcaxx.dll Has been deleted!

Attempting to delete C:\windows\system32\opqss.bak2
C:\windows\system32\opqss.bak2 Has been deleted!

Attempting to delete C:\windows\system32\opqss.ini
C:\windows\system32\opqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqpo.dll
C:\windows\system32\ssqpo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xdwundri.dll
C:\WINDOWS\system32\xdwundri.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\opqss.ini
C:\windows\system32\opqss.ini Has been deleted!

Attempting to delete C:\windows\system32\ssqpo.dll
C:\windows\system32\ssqpo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xdwundri.dll
C:\WINDOWS\system32\xdwundri.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:40, on 1.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\Skanneri.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D9446ADC-204F-45F1-97F2-0AFE277FED73} - C:\WINDOWS\System32\ssqpo.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: gebxvsq - C:\WINDOWS\SYSTEM32\gebxvsq.dll
O20 - Winlogon Notify: jkkjifd - C:\WINDOWS\SYSTEM32\jkkjifd.dll
O20 - Winlogon Notify: mljkllk - C:\WINDOWS\SYSTEM32\mljkllk.dll
O20 - Winlogon Notify: mljklll - C:\WINDOWS\SYSTEM32\mljklll.dll
O20 - Winlogon Notify: rqrponl - C:\WINDOWS\SYSTEM32\rqrponl.dll
O20 - Winlogon Notify: rqrqnmm - C:\WINDOWS\SYSTEM32\rqrqnmm.dll
O20 - Winlogon Notify: ssqommm - C:\WINDOWS\SYSTEM32\ssqommm.dll
O20 - Winlogon Notify: tuvsttu - C:\WINDOWS\SYSTEM32\tuvsttu.dll
O20 - Winlogon Notify: urqqqqo - C:\WINDOWS\SYSTEM32\urqqqqo.dll
O20 - Winlogon Notify: xxyaxyw - C:\WINDOWS\SYSTEM32\xxyaxyw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 4061 bytes

 

[*]Tupla-klikkaa VundoFix.exe ajaaksesi sen.
[*]Klikkaa Scan for Vundo valintaa.
[*]Kun skannaus on valmis, oikea-klikkaa kyseisen listaboksin sisällä (valkoinen laatikko jossa on löydetyt tiedostot listattu) ja valitse Add more files
[*]Kopioi ja liitä seuraavat 6 riviä kuuteen ylimmäiseen boksiin

C:\WINDOWS\SYSTEM32\gebxvsq.dll
C:\WINDOWS\SYSTEM32\jkkjifd.dll
C:\WINDOWS\SYSTEM32\mljkllk.dll
C:\WINDOWS\SYSTEM32\mljklll.dll
C:\WINDOWS\SYSTEM32\rqrponl.dll
C:\WINDOWS\SYSTEM32\rqrqnmm.dll

[*]Klikkaa Add Files ja sitten klikkaa Close Window.
[*]Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
[*]Sinulta kysytään haluatko poistaa filut - klikkaa YES.
[*]Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
[*]Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
[*]Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

 

VundoFix V6.5.9

Checking Java version...

Sun Java not detected
Scan started at 22:15:08 1.10.2007

Listing files found while scanning....

C:\windows\system32\opqss.ini
C:\windows\system32\ssqpo.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\gebxvsq.dll
C:\WINDOWS\SYSTEM32\gebxvsq.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jkkjifd.dll
C:\WINDOWS\SYSTEM32\jkkjifd.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mljkllk.dll
C:\WINDOWS\SYSTEM32\mljkllk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mljklll.dll
C:\WINDOWS\SYSTEM32\mljklll.dll Has been deleted!

Attempting to delete C:\windows\system32\opqss.ini
C:\windows\system32\opqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rqrponl.dll
C:\WINDOWS\SYSTEM32\rqrponl.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rqrqnmm.dll
C:\WINDOWS\SYSTEM32\rqrqnmm.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqpo.dll
C:\windows\system32\ssqpo.dll Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:12, on 1.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\Skanneri.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D9446ADC-204F-45F1-97F2-0AFE277FED73} - C:\WINDOWS\System32\ssqpo.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ssqommm - C:\WINDOWS\SYSTEM32\ssqommm.dll
O20 - Winlogon Notify: tuvsttu - C:\WINDOWS\SYSTEM32\tuvsttu.dll
O20 - Winlogon Notify: urqqqqo - C:\WINDOWS\SYSTEM32\urqqqqo.dll
O20 - Winlogon Notify: xxyaxyw - C:\WINDOWS\SYSTEM32\xxyaxyw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 3680 bytes

 

[*]Tupla-klikkaa VundoFix.exe ajaaksesi sen.
[*]Klikkaa Scan for Vundo valintaa.
[*]Kun skannaus on valmis, oikea-klikkaa kyseisen listaboksin sisällä (valkoinen laatikko jossa on löydetyt tiedostot listattu) ja valitse Add more files
[*]Kopioi ja liitä seuraavat 5 riviä viiteen ylimmäiseen boksiin

C:\WINDOWS\SYSTEM32\ssqommm.dll
C:\WINDOWS\SYSTEM32\tuvsttu.dll
C:\WINDOWS\SYSTEM32\urqqqqo.dll
C:\WINDOWS\SYSTEM32\xxyaxyw.dll
C:\WINDOWS\System32\ssqpo.dll

[*]Klikkaa Add Files ja sitten klikkaa Close Window.
[*]Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
[*]Sinulta kysytään haluatko poistaa filut - klikkaa YES.
[*]Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
[*]Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
[*]Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

 

VundoFix V6.5.9

Checking Java version...

Sun Java not detected
Scan started at 22:27:32 1.10.2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\ssqommm.dll
C:\WINDOWS\SYSTEM32\ssqommm.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\ssqommm.dll
C:\WINDOWS\SYSTEM32\ssqommm.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\tuvsttu.dll
C:\WINDOWS\SYSTEM32\tuvsttu.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\urqqqqo.dll
C:\WINDOWS\SYSTEM32\urqqqqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\xxyaxyw.dll
C:\WINDOWS\SYSTEM32\xxyaxyw.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\ssqommm.dll
C:\WINDOWS\SYSTEM32\ssqommm.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\ssqommm.dll
C:\WINDOWS\SYSTEM32\ssqommm.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:19, on 1.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\Skanneri.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {673932DC-651D-4442-885A-B68CEACE456E} - C:\WINDOWS\system32\geebx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D9446ADC-204F-45F1-97F2-0AFE277FED73} - C:\WINDOWS\System32\ssqpo.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 3631 bytes

 

[*]Tupla-klikkaa VundoFix.exe ajaaksesi sen.
[*]Klikkaa Scan for Vundo valintaa.
[*]Kun skannaus on valmis, oikea-klikkaa kyseisen listaboksin sisällä (valkoinen laatikko jossa on löydetyt tiedostot listattu) ja valitse Add more files
[*]Kopioi ja liitä seuraavat 1 riviä yhteen ylimmäiseen boksiin

C:\WINDOWS\system32\geebx.dll

[*]Klikkaa Add Files ja sitten klikkaa Close Window.
[*]Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
[*]Sinulta kysytään haluatko poistaa filut - klikkaa YES.
[*]Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
[*]Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
[*]Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

 

VundoFix V6.5.9

Checking Java version...

Sun Java not detected
Scan started at 22:47:11 1.10.2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.dll Has been deleted!

Performing Repairs to the registry.
Done!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:52, on 1.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\Skanneri.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {673932DC-651D-4442-885A-B68CEACE456E} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D9446ADC-204F-45F1-97F2-0AFE277FED73} - C:\WINDOWS\System32\ssqpo.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 3525 bytes

 

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {673932DC-651D-4442-885A-B68CEACE456E} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D9446ADC-204F-45F1-97F2-0AFE277FED73} - C:\WINDOWS\System32\ssqpo.dll (file missing)

=====================

Lataa Dr.Web CureIt työpöydälle:

[*]Tuplaklikkaa drweb-cureit.exe ja anna sen tehdä express scan
[*]Se skannaa käynnissä olevat ohjelmat ja jos jotain löytyy, klikkaa yes kun se kysyy haluatko poistaa sen. Tämä on vain lyhyt scan.
[*]Kun scan on valmis, Klikkaa Custom scan merkkaa asemat, jotka haluat scannata.
[*]Valitse kaikki asemat. Punainen piste osoittaa, mitkä asemat on valittu.
[*]Klikaa vihreää nuolta oikealla ja scan alkaa.
[*]Klikkaa Yes to all, jos kysytään haluatko poistaa/siirtää tiedoston.
[*]Kun scannaus on valmis
[*]Klikaa Select all ja Klikkaa Delete
[*]Klikaa File, save report list
[*]Tallenna työpödälle ja kopio lista tänne


jokos toimii?

 

Process in memory: C:\Program Files\Sygate\SPF\smc.exe:1076;;Win32.SQL.Slammer.376;Eradicated.;
Process in memory: C:\Program Files\Sygate\SPF\smc.exe:1076;;Win32.SQL.Slammer.376;Eradicated.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Deleted.;


Kone pyörii ihan täydellisesti ja windowsin päivitykset myös pysyvät päällä. Kiitos todella paljon kaikesta avusta kun olen jo kauan saanut kamppailla tämän koneen kanssa ennenkuin tajusin täältä tulla apua kyselemään. KIITOS!