Nyt tarttis apua!

dodd

Eli tehtäväpalkkiin ilmestynyt punanen pallukka jossa ruksi, sitä klikkaamalla asentuu spykillerpro, tulee myös feikkivaroituksia viruksista. Työpöydän taustakuva vaihtunut valkoiseksi eikä sitä pysty palauttamaan, ctrl-alt-del kun painaa tulee ilmoitus että järjestelmänvalvoja on poistanut tehtävienhallinnan käytöstä. Anti-virukset olen ajanut mutta ei ole auttanut. Eli helppiä tarttis...

Logfile of HijackThis v1.99.1
Scan saved at 1:50:32, on 9.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\Updates\sbsd152upd.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\DOCUME~1\ville\LOCALS~1\Temp\is-NAMN1.tmp\sbsd152upd.tmp
C:\Documents and Settings\ville\Omat tiedostot\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-dcf7-f96da086b434} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6C6B8C69-9285-4D94-8492-9E920C8C2B65} - (no file)
O2 - BHO: (no name) - {74f25a2c-22b3-4023-8f1a-ca616c30a8b5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9a19966f-ae0e-4699-8cce-9b6f5f1c352c} - (no file)
O2 - BHO: (no name) - {ABCDECF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: Helper - {CEDB3E8F-9293-A485-366F-376283B59030} - C:\WINDOWS\system\hmqtse32.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKLM\..\Run: [Tapicfg.exe] tapicfg.exe
O4 - HKLM\..\Run: [bantool] bantool.exe
O4 - HKLM\..\Run: [winavx] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [cssrss.exe] cssrss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyKillerPro] C:\Program Files\SpyKillerPro\SpyKillerPro.exe
O4 - HKCU\..\Run: [quartz] C:\WINDOWS\System32\quartz.exe
O4 - HKCU\..\Run: [dmime] C:\WINDOWS\System32\dmime.exe
O4 - HKCU\..\Run: [Outerinfo] C:\WINDOWS\Outerinfo.exe
O4 - HKCU\..\Run: [winavx] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKCU\..\Run: [windows update loader] C:\WINDOWS\xpupdate.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe

8

1178

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000
    • Jyrkkäkallio

      Skannaas aluks konees vaikka tolla:
      http://www.kaspersky.com/kos/english/kavwebscan.html
      Skannaa koneesi Kaspersky Online Skannerilla
      Käytä Internet Explorer-selainta
      Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.


      Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.

      Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.

      Klikkaa nyt asetuksia, Scan Settings

      Tarkista asetuksista, että seuraavat ovat valittuina:

      o Scan using the following Anti-Virus database:

      Extended (Jos valittavissa, muuten valitse Standard)

      o Scan Options:

      Scan Archives
      Scan Mail Bases


      Klikkaa OK

      Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer

      Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.

      Klikkaa nyt Save as Text-painiketta.

      Tallenna tiedosto työpöydällesi.

      Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.

    • -----

      scannaa hjt:llä merkkaa paina Fix checked

      O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-dcf7-f96da086b434} - (no file)
      O2 - BHO: (no name) - {6C6B8C69-9285-4D94-8492-9E920C8C2B65} - (no file)
      O2 - BHO: (no name) - {74f25a2c-22b3-4023-8f1a-ca616c30a8b5} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {9a19966f-ae0e-4699-8cce-9b6f5f1c352c} - (no file)
      O2 - BHO: (no name) - {ABCDECF0-4B15-11D1-ABED-709549C10000} - (no file)
      O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)

      ===============

      Lataa SDFix by AndyManchesta
      http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
      ja tallenna se työpöydällesi.

      Käynnistä koneesi vikasietotilaan:
      sammuta ja käynnistä
      käynnistyksen yhteydessä hakkaa F8 nappia
      valitse nuolinäppäimellä vikasietotila
      paina enter ja enter
      valitse käyttäjätilisi
      paina kyllä

      Jossakin koneissa hakataan F8:sin sijasta F5:tä
      •   Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
      •   Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
      •   Paina Y käynnistääksesi skriptin.
      •   Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
      •   Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
      •   Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
      •   Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
      •   Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
      •   Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.

      • dodd

        nyt ainakin ruksi hävisi tuolta alhaalta, kone toimii tosin edelleen erittäin hitaasti..


        [b]SDFix: Version 1.154 [/b]

        Run by ville on su 09.03.2008 at 14:47

        Microsoft Windows XP [versio 5.1.2600]
        Running From: C:\DOCUME~1\ville\TYPYT~1\SDFix\SDFix

        [b]Checking Services [/b]:


        Restoring Windows Registry Values
        Restoring Windows Default Hosts File

        Rebooting


        [b]Checking Files [/b]:

        Trojan Files Found:

        C:\Documents and Settings\ville\~tmp1174.exe - Deleted
        C:\DOCUME~1\ville\LOCALS~1\Temp\~~install.dll - Deleted
        C:\DOCUME~1\ville\LOCALS~1\Temp\ieobj.dll - Deleted





        Removing Temp Files

        [b]ADS Check [/b]:



        [b]Final Check [/b]:

        catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-09 14:55:36
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        scanning hidden registry entries ...

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
        "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

        scanning hidden files ...


        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 3


        [b]Remaining Services [/b]:



        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
        "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
        "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

        [b]Remaining Files [/b]:


        File Backups: - C:\DOCUME~1\ville\TYPYT~1\SDFix\SDFix\backups\backups.zip

        [b]Files with Hidden Attributes [/b]:

        Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
        Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
        Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

        [b]Finished![/b]


        -----


        Logfile of HijackThis v1.99.1
        Scan saved at 15:10:05, on 9.3.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\WINDOWS\system32\cryptainersrv.exe
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
        C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\WINDOWS\system32\notepad.exe
        C:\Program Files\F-Secure\Common\FSM32.EXE
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
        C:\Program Files\F-Secure\FSGUI\fsguidll.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\ville\Omat tiedostot\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O2 - BHO: Helper - {CEDB3E8F-9293-A485-366F-376283B59030} - C:\WINDOWS\system\hmqtse32.dll
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
        O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\trjdwnl.dll
        O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
        O4 - HKLM\..\Run: [vmlib] vmlib.exe
        O4 - HKLM\..\Run: [cssrss.exe] cssrss.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [SpyKillerPro] C:\Program Files\SpyKillerPro\SpyKillerPro.exe
        O4 - HKCU\..\Run: [quartz] C:\WINDOWS\System32\quartz.exe
        O4 - HKCU\..\Run: [dmime] C:\WINDOWS\System32\dmime.exe
        O4 - HKCU\..\Run: [Outerinfo] C:\WINDOWS\Outerinfo.exe
        O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
        O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
        O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
        O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
        O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
        O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe


      • -----
        dodd kirjoitti:

        nyt ainakin ruksi hävisi tuolta alhaalta, kone toimii tosin edelleen erittäin hitaasti..


        [b]SDFix: Version 1.154 [/b]

        Run by ville on su 09.03.2008 at 14:47

        Microsoft Windows XP [versio 5.1.2600]
        Running From: C:\DOCUME~1\ville\TYPYT~1\SDFix\SDFix

        [b]Checking Services [/b]:


        Restoring Windows Registry Values
        Restoring Windows Default Hosts File

        Rebooting


        [b]Checking Files [/b]:

        Trojan Files Found:

        C:\Documents and Settings\ville\~tmp1174.exe - Deleted
        C:\DOCUME~1\ville\LOCALS~1\Temp\~~install.dll - Deleted
        C:\DOCUME~1\ville\LOCALS~1\Temp\ieobj.dll - Deleted





        Removing Temp Files

        [b]ADS Check [/b]:



        [b]Final Check [/b]:

        catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-09 14:55:36
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        scanning hidden registry entries ...

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
        "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

        scanning hidden files ...


        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 3


        [b]Remaining Services [/b]:



        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
        "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
        "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

        [b]Remaining Files [/b]:


        File Backups: - C:\DOCUME~1\ville\TYPYT~1\SDFix\SDFix\backups\backups.zip

        [b]Files with Hidden Attributes [/b]:

        Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
        Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
        Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

        [b]Finished![/b]


        -----


        Logfile of HijackThis v1.99.1
        Scan saved at 15:10:05, on 9.3.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\WINDOWS\system32\cryptainersrv.exe
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
        C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\WINDOWS\system32\notepad.exe
        C:\Program Files\F-Secure\Common\FSM32.EXE
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
        C:\Program Files\F-Secure\FSGUI\fsguidll.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\ville\Omat tiedostot\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O2 - BHO: Helper - {CEDB3E8F-9293-A485-366F-376283B59030} - C:\WINDOWS\system\hmqtse32.dll
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
        O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\trjdwnl.dll
        O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
        O4 - HKLM\..\Run: [vmlib] vmlib.exe
        O4 - HKLM\..\Run: [cssrss.exe] cssrss.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [SpyKillerPro] C:\Program Files\SpyKillerPro\SpyKillerPro.exe
        O4 - HKCU\..\Run: [quartz] C:\WINDOWS\System32\quartz.exe
        O4 - HKCU\..\Run: [dmime] C:\WINDOWS\System32\dmime.exe
        O4 - HKCU\..\Run: [Outerinfo] C:\WINDOWS\Outerinfo.exe
        O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
        O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
        O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
        O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
        O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
        O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe

        Lataa VundoFix.exe
        http://www.atribune.org/ccount/click.php?id=4 työpöydällesi.

        •   Tupla-klikkaa VundoFix.exe ajaaksesi sen.
        •   Klikkaa Scan for Vundo valintaa.
        •   Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
        •   Sinulta kysytään haluatko poistaa filut - klikkaa YES.
        •   Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
        •   Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
        •   Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.


        Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
        Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.


      • dodd
        ----- kirjoitti:

        Lataa VundoFix.exe
        http://www.atribune.org/ccount/click.php?id=4 työpöydällesi.

        •   Tupla-klikkaa VundoFix.exe ajaaksesi sen.
        •   Klikkaa Scan for Vundo valintaa.
        •   Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
        •   Sinulta kysytään haluatko poistaa filut - klikkaa YES.
        •   Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
        •   Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
        •   Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.


        Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
        Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

        Run-time error '339':

        Component 'comdlg32.ocx' or one of its dependencies not correctly registered: a file missing or invalid

        Että silleen. Olisiko ollut tärkeäkin toimenpide? Nyt ei ehdi lisää viestejä pistää kun pitää lähteä intin lomabussiin :D


      • -----
        dodd kirjoitti:

        Run-time error '339':

        Component 'comdlg32.ocx' or one of its dependencies not correctly registered: a file missing or invalid

        Että silleen. Olisiko ollut tärkeäkin toimenpide? Nyt ei ehdi lisää viestejä pistää kun pitää lähteä intin lomabussiin :D

        lataa tästä http://windowsxp.mvps.org/utils/Comdlg32.zip

        työpöydälle

        Kilkkaa kerran ja ikkunan vasemmasta reunasta tiedosto pura kaikki

        purra se tuonne valitset selaa Omatietokone

        C:\Windows\system32

        ja paina ok

        =========

        asenna sitten se uusi Vundofix


      • dodd
        ----- kirjoitti:

        lataa tästä http://windowsxp.mvps.org/utils/Comdlg32.zip

        työpöydälle

        Kilkkaa kerran ja ikkunan vasemmasta reunasta tiedosto pura kaikki

        purra se tuonne valitset selaa Omatietokone

        C:\Windows\system32

        ja paina ok

        =========

        asenna sitten se uusi Vundofix

        ei vundoa löytynyt.
        ie menee edelleen satunnaisesti topsearch10.com tai muulle vastaavalle sivulle jne. mitä tehdä?

        Logfile of HijackThis v1.99.1
        Scan saved at 21:02:02, on 14.3.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\F-Secure\Common\FSM32.EXE
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\WINDOWS\system32\cryptainersrv.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
        C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
        C:\Program Files\F-Secure\FSGUI\fsguidll.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\ville\Omat tiedostot\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O2 - BHO: Helper - {CEDB3E8F-9293-A485-366F-376283B59030} - C:\WINDOWS\system\hmqtse32.dll
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
        O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
        O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
        O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
        O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
        O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe


      • ----
        dodd kirjoitti:

        ei vundoa löytynyt.
        ie menee edelleen satunnaisesti topsearch10.com tai muulle vastaavalle sivulle jne. mitä tehdä?

        Logfile of HijackThis v1.99.1
        Scan saved at 21:02:02, on 14.3.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\F-Secure\Common\FSM32.EXE
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\WINDOWS\system32\cryptainersrv.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
        C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
        C:\Program Files\F-Secure\FSGUI\fsguidll.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\ville\Omat tiedostot\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O2 - BHO: Helper - {CEDB3E8F-9293-A485-366F-376283B59030} - C:\WINDOWS\system\hmqtse32.dll
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
        O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
        O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
        O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
        O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
        O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
        O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe

        Escan
        Ohjeet tuolla sivulla.
        http://koti.mbnet.fi/pattaya1/escanmwav.htm
        lataa tuosta
        http://www.spywareinfo.dk/download/mwav.exe
        päivitä tuosta
        http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
        laita täpit merkkauksien mukaan
        http://koti.mbnet.fi/pattaya1/eScan6.jpg

        scannaa

        jos ala luukkuun tulee jotain niin kopioi se näin:
        Käytä komentoa Ctrl A.
        Kopioi rivit komennolla Ctrl C.
        Liitä rivit komennolla Ctrl V.

        Laita virus log tänne.


    Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

    Luetuimmat keskustelut

    1. Ensitreffit Jenni laukoo viinilasin ääressä suorat sanat Jyrkin aikeista: "Mä sanoin, että älä"

      Voi ei… Mitä luulet: kestääkö Jennin ja Jyrkin avioliitto vai päättyykö eroon? Lue lisää: https://www.suomi24.fi/viihde
      Ensitreffit alttarilla
      26
      2778
    2. Ymmärrän paremmin kuin koskaan

      Roikut kädessäni ja vedät puoleesi. Näen kuitenkin tämän kaiken lävitse ja kaikkien takia minun on tehtävä tämä. Päästän
      Tunteet
      29
      2312
    3. 148
      2264
    4. Hullu liikenteessä?

      Mikä hullu pyörii kylillä jos jahti päällä? Näitä tosin kyllä riittää tällä kylällä.
      Kiuruvesi
      53
      2190
    5. Niina Lahtinen uudessa elämäntilanteessa - Kotiolot ovat muuttuneet merkittävästi: "Nyt on...!"

      Niina, tanssejasi on riemukasta seurata, iso kiitos! Lue Niinan haastattelu: https://www.suomi24.fi/viihde/niina-lahti
      Suomalaiset julkkikset
      21
      1802
    6. Kun Venäjä on tasannut tilit Ukrainan kanssa, onko Suomi seuraava?

      Mitä mieltä olette, onko Suomi seuraava, jonka kanssa Venäjä tasaa tilit? Ja voisiko sitä mitenkään estää? Esimerkiks
      NATO
      389
      1662
    7. Ano Turtiainen saa syytteet kansankiihoituksesta

      Syytteitä on kolme ja niissä on kyse kirjoituksista, jotka hän on kansanedustaja-aikanaan julkaissut Twitter-tilillään
      Maailman menoa
      98
      1597
    8. Pyhäinpäivän aamua

      Oikein hyvää huomenta ja rauhallista päivää. ❄️😊🥱☕❤️
      Ikävä
      298
      1485
    9. Varokaa! Lunta voi sataa kohta!

      Vakava säävaroitus Lumisadevaroitus Satakunta, Uusimaa, Etelä-Karjala, Keski-Suomi, Etelä-Savo, Etelä-Pohjanmaa, Pohjanm
      Maailman menoa
      13
      1419
    10. Kunta ostaa kivitipun

      Kunnanjohtajan tuleva uusi ostokohde
      Lappajärvi
      133
      1418
    Aihe