Nyt tarttis apua!

dodd

2008-03-09 01:55:07

Eli tehtäväpalkkiin ilmestynyt punanen pallukka jossa ruksi, sitä klikkaamalla asentuu spykillerpro, tulee myös feikkivaroituksia viruksista. Työpöydän taustakuva vaihtunut valkoiseksi eikä sitä pysty palauttamaan, ctrl-alt-del kun painaa tulee ilmoitus että järjestelmänvalvoja on poistanut tehtävienhallinnan käytöstä. Anti-virukset olen ajanut mutta ei ole auttanut. Eli helppiä tarttis...

Logfile of HijackThis v1.99.1
Scan saved at 1:50:32, on 9.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\Updates\sbsd152upd.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\DOCUME~1\ville\LOCALS~1\Temp\is-NAMN1.tmp\sbsd152upd.tmp
C:\Documents and Settings\ville\Omat tiedostot\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-dcf7-f96da086b434} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6C6B8C69-9285-4D94-8492-9E920C8C2B65} - (no file)
O2 - BHO: (no name) - {74f25a2c-22b3-4023-8f1a-ca616c30a8b5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9a19966f-ae0e-4699-8cce-9b6f5f1c352c} - (no file)
O2 - BHO: (no name) - {ABCDECF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: Helper - {CEDB3E8F-9293-A485-366F-376283B59030} - C:\WINDOWS\system\hmqtse32.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\krln32.exe
O4 - HKLM\..\Run: [Windows Framework] C:\WINDOWS\system32\scvh0st.exe
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\trjdwnl.dll
O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\shlext32.exe
O4 - HKLM\..\Run: [Tapicfg.exe] tapicfg.exe
O4 - HKLM\..\Run: [bantool] bantool.exe
O4 - HKLM\..\Run: [winavx] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [cssrss.exe] cssrss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyKillerPro] C:\Program Files\SpyKillerPro\SpyKillerPro.exe
O4 - HKCU\..\Run: [quartz] C:\WINDOWS\System32\quartz.exe
O4 - HKCU\..\Run: [dmime] C:\WINDOWS\System32\dmime.exe
O4 - HKCU\..\Run: [Outerinfo] C:\WINDOWS\Outerinfo.exe
O4 - HKCU\..\Run: [winavx] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKCU\..\Run: [windows update loader] C:\WINDOWS\xpupdate.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe

1162

Äänestä

Vastaukset

Jyrkkäkallio
2008-03-09 08:07:17
Skannaas aluks konees vaikka tolla:
http://www.kaspersky.com/kos/english/kavwebscan.html
Skannaa koneesi Kaspersky Online Skannerilla
Käytä Internet Explorer-selainta
Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.

Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.

Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.

Klikkaa nyt asetuksia, Scan Settings

Tarkista asetuksista, että seuraavat ovat valittuina:

o Scan using the following Anti-Virus database:

Extended (Jos valittavissa, muuten valitse Standard)

o Scan Options:

Scan Archives
Scan Mail Bases

Klikkaa OK

Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer

Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.

Klikkaa nyt Save as Text-painiketta.

Tallenna tiedosto työpöydällesi.

Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.
-----
2008-03-09 11:49:38
scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-dcf7-f96da086b434} - (no file)
O2 - BHO: (no name) - {6C6B8C69-9285-4D94-8492-9E920C8C2B65} - (no file)
O2 - BHO: (no name) - {74f25a2c-22b3-4023-8f1a-ca616c30a8b5} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9a19966f-ae0e-4699-8cce-9b6f5f1c352c} - (no file)
O2 - BHO: (no name) - {ABCDECF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)

===============

Lataa SDFix by AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:
sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä
•   Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
•   Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
•   Paina Y käynnistääksesi skriptin.
•   Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
•   Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
•   Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
•   Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
•   Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
•   Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.
- dodd
  2008-03-09 15:10:59
  nyt ainakin ruksi hävisi tuolta alhaalta, kone toimii tosin edelleen erittäin hitaasti..
  
  [b]SDFix: Version 1.154 [/b]
  
  Run by ville on su 09.03.2008 at 14:47
  
  Microsoft Windows XP [versio 5.1.2600]
  Running From: C:\DOCUME~1\ville\TYPYT~1\SDFix\SDFix
  
  [b]Checking Services [/b]:
  
  Restoring Windows Registry Values
  Restoring Windows Default Hosts File
  
  Rebooting
  
  [b]Checking Files [/b]:
  
  Trojan Files Found:
  
  C:\Documents and Settings\ville\~tmp1174.exe - Deleted
  C:\DOCUME~1\ville\LOCALS~1\Temp\~~install.dll - Deleted
  C:\DOCUME~1\ville\LOCALS~1\Temp\ieobj.dll - Deleted
  
  Removing Temp Files
  
  [b]ADS Check [/b]:
  
  [b]Final Check [/b]:
  
  catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2008-03-09 14:55:36
  Windows 5.1.2600 Service Pack 2 NTFS
  
  scanning hidden processes ...
  
  scanning hidden services & system hive ...
  
  scanning hidden registry entries ...
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
  "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
  
  scanning hidden files ...
  
  scan completed successfully
  hidden processes: 0
  hidden services: 0
  hidden files: 3
  
  [b]Remaining Services [/b]:
  
  Authorized Application Key Export:
  
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
  "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
  "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
  
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
  "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
  "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
  
  [b]Remaining Files [/b]:
  
  File Backups: - C:\DOCUME~1\ville\TYPYT~1\SDFix\SDFix\backups\backups.zip
  
  [b]Files with Hidden Attributes [/b]:
  
  Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
  Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
  Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
  
  [b]Finished![/b]
  
  -----
  
  Logfile of HijackThis v1.99.1
  Scan saved at 15:10:05, on 9.3.2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
  C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
  C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
  C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
  C:\Program Files\F-Secure\Common\FSMA32.EXE
  C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
  C:\Program Files\F-Secure\Common\FSMB32.EXE
  C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
  C:\Program Files\F-Secure\Common\FCH32.EXE
  C:\WINDOWS\system32\cryptainersrv.exe
  C:\Program Files\F-Secure\Common\FAMEH32.EXE
  C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
  C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\F-Secure\Common\FNRB32.EXE
  C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
  C:\Program Files\F-Secure\Common\FIH32.EXE
  C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\F-Secure\Common\FSM32.EXE
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
  C:\Program Files\F-Secure\FSGUI\fsguidll.exe
  C:\WINDOWS\system32\NOTEPAD.EXE
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Documents and Settings\ville\Omat tiedostot\HijackThis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O2 - BHO: Helper - {CEDB3E8F-9293-A485-366F-376283B59030} - C:\WINDOWS\system\hmqtse32.dll
  O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
  O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
  O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\trjdwnl.dll
  O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
  O4 - HKLM\..\Run: [vmlib] vmlib.exe
  O4 - HKLM\..\Run: [cssrss.exe] cssrss.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [SpyKillerPro] C:\Program Files\SpyKillerPro\SpyKillerPro.exe
  O4 - HKCU\..\Run: [quartz] C:\WINDOWS\System32\quartz.exe
  O4 - HKCU\..\Run: [dmime] C:\WINDOWS\System32\dmime.exe
  O4 - HKCU\..\Run: [Outerinfo] C:\WINDOWS\Outerinfo.exe
  O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
  O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
  O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
  O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
  O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
  O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
  O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
  O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
  O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
  O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
- -----
  2008-03-09 17:41:28
  dodd kirjoitti:
  nyt ainakin ruksi hävisi tuolta alhaalta, kone toimii tosin edelleen erittäin hitaasti..
  
  [b]SDFix: Version 1.154 [/b]
  
  Run by ville on su 09.03.2008 at 14:47
  
  Microsoft Windows XP [versio 5.1.2600]
  Running From: C:\DOCUME~1\ville\TYPYT~1\SDFix\SDFix
  
  [b]Checking Services [/b]:
  
  Restoring Windows Registry Values
  Restoring Windows Default Hosts File
  
  Rebooting
  
  [b]Checking Files [/b]:
  
  Trojan Files Found:
  
  C:\Documents and Settings\ville\~tmp1174.exe - Deleted
  C:\DOCUME~1\ville\LOCALS~1\Temp\~~install.dll - Deleted
  C:\DOCUME~1\ville\LOCALS~1\Temp\ieobj.dll - Deleted
  
  Removing Temp Files
  
  [b]ADS Check [/b]:
  
  [b]Final Check [/b]:
  
  catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2008-03-09 14:55:36
  Windows 5.1.2600 Service Pack 2 NTFS
  
  scanning hidden processes ...
  
  scanning hidden services & system hive ...
  
  scanning hidden registry entries ...
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
  "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
  
  scanning hidden files ...
  
  scan completed successfully
  hidden processes: 0
  hidden services: 0
  hidden files: 3
  
  [b]Remaining Services [/b]:
  
  Authorized Application Key Export:
  
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
  "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
  "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
  
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
  "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
  "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
  
  [b]Remaining Files [/b]:
  
  File Backups: - C:\DOCUME~1\ville\TYPYT~1\SDFix\SDFix\backups\backups.zip
  
  [b]Files with Hidden Attributes [/b]:
  
  Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
  Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
  Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
  
  [b]Finished![/b]
  
  -----
  
  Logfile of HijackThis v1.99.1
  Scan saved at 15:10:05, on 9.3.2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
  C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
  C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
  C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
  C:\Program Files\F-Secure\Common\FSMA32.EXE
  C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
  C:\Program Files\F-Secure\Common\FSMB32.EXE
  C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
  C:\Program Files\F-Secure\Common\FCH32.EXE
  C:\WINDOWS\system32\cryptainersrv.exe
  C:\Program Files\F-Secure\Common\FAMEH32.EXE
  C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
  C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\F-Secure\Common\FNRB32.EXE
  C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
  C:\Program Files\F-Secure\Common\FIH32.EXE
  C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
  C:\WINDOWS\system32\notepad.exe
  C:\Program Files\F-Secure\Common\FSM32.EXE
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
  C:\Program Files\F-Secure\FSGUI\fsguidll.exe
  C:\WINDOWS\system32\NOTEPAD.EXE
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Documents and Settings\ville\Omat tiedostot\HijackThis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O2 - BHO: Helper - {CEDB3E8F-9293-A485-366F-376283B59030} - C:\WINDOWS\system\hmqtse32.dll
  O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
  O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
  O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\trjdwnl.dll
  O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
  O4 - HKLM\..\Run: [vmlib] vmlib.exe
  O4 - HKLM\..\Run: [cssrss.exe] cssrss.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [SpyKillerPro] C:\Program Files\SpyKillerPro\SpyKillerPro.exe
  O4 - HKCU\..\Run: [quartz] C:\WINDOWS\System32\quartz.exe
  O4 - HKCU\..\Run: [dmime] C:\WINDOWS\System32\dmime.exe
  O4 - HKCU\..\Run: [Outerinfo] C:\WINDOWS\Outerinfo.exe
  O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
  O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
  O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
  O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
  O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
  O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
  O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
  O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
  O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
  O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
  Lataa VundoFix.exe
  http://www.atribune.org/ccount/click.php?id=4 työpöydällesi.
  
  •   Tupla-klikkaa VundoFix.exe ajaaksesi sen.
  •   Klikkaa Scan for Vundo valintaa.
  •   Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
  •   Sinulta kysytään haluatko poistaa filut - klikkaa YES.
  •   Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
  •   Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
  •   Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.
  
  Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
  Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.
- dodd
  2008-03-09 19:04:51
  ----- kirjoitti:
  Lataa VundoFix.exe
  http://www.atribune.org/ccount/click.php?id=4 työpöydällesi.
  
  •   Tupla-klikkaa VundoFix.exe ajaaksesi sen.
  •   Klikkaa Scan for Vundo valintaa.
  •   Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
  •   Sinulta kysytään haluatko poistaa filut - klikkaa YES.
  •   Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
  •   Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
  •   Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.
  
  Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
  Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.
  Run-time error '339':
  
  Component 'comdlg32.ocx' or one of its dependencies not correctly registered: a file missing or invalid
  
  Että silleen. Olisiko ollut tärkeäkin toimenpide? Nyt ei ehdi lisää viestejä pistää kun pitää lähteä intin lomabussiin :D
- -----
  2008-03-09 19:25:54
  dodd kirjoitti:
  Run-time error '339':
  
  Component 'comdlg32.ocx' or one of its dependencies not correctly registered: a file missing or invalid
  
  Että silleen. Olisiko ollut tärkeäkin toimenpide? Nyt ei ehdi lisää viestejä pistää kun pitää lähteä intin lomabussiin :D
  lataa tästä http://windowsxp.mvps.org/utils/Comdlg32.zip
  
  työpöydälle
  
  Kilkkaa kerran ja ikkunan vasemmasta reunasta tiedosto pura kaikki
  
  purra se tuonne valitset selaa Omatietokone
  
  C:\Windows\system32
  
  ja paina ok
  
  =========
  
  asenna sitten se uusi Vundofix
- dodd
  2008-03-14 20:57:11
  ----- kirjoitti:
  lataa tästä http://windowsxp.mvps.org/utils/Comdlg32.zip
  
  työpöydälle
  
  Kilkkaa kerran ja ikkunan vasemmasta reunasta tiedosto pura kaikki
  
  purra se tuonne valitset selaa Omatietokone
  
  C:\Windows\system32
  
  ja paina ok
  
  =========
  
  asenna sitten se uusi Vundofix
  ei vundoa löytynyt.
  ie menee edelleen satunnaisesti topsearch10.com tai muulle vastaavalle sivulle jne. mitä tehdä?
  
  Logfile of HijackThis v1.99.1
  Scan saved at 21:02:02, on 14.3.2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\F-Secure\Common\FSM32.EXE
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
  C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
  C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
  C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
  C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
  C:\Program Files\F-Secure\Common\FSMA32.EXE
  C:\Program Files\F-Secure\Common\FSMB32.EXE
  C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
  C:\Program Files\F-Secure\Common\FCH32.EXE
  C:\WINDOWS\system32\cryptainersrv.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\F-Secure\Common\FAMEH32.EXE
  C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
  C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\F-Secure\Common\FNRB32.EXE
  C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
  C:\Program Files\F-Secure\Common\FIH32.EXE
  C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
  C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
  C:\Program Files\F-Secure\FSGUI\fsguidll.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Documents and Settings\ville\Omat tiedostot\HijackThis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O2 - BHO: Helper - {CEDB3E8F-9293-A485-366F-376283B59030} - C:\WINDOWS\system\hmqtse32.dll
  O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
  O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
  O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
  O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
  O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
  O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
  O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
  O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
  O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
  O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
  O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
- ----
  2008-03-14 21:31:18
  dodd kirjoitti:
  ei vundoa löytynyt.
  ie menee edelleen satunnaisesti topsearch10.com tai muulle vastaavalle sivulle jne. mitä tehdä?
  
  Logfile of HijackThis v1.99.1
  Scan saved at 21:02:02, on 14.3.2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\F-Secure\Common\FSM32.EXE
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
  C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
  C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
  C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
  C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
  C:\Program Files\F-Secure\Common\FSMA32.EXE
  C:\Program Files\F-Secure\Common\FSMB32.EXE
  C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
  C:\Program Files\F-Secure\Common\FCH32.EXE
  C:\WINDOWS\system32\cryptainersrv.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\F-Secure\Common\FAMEH32.EXE
  C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
  C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\F-Secure\Common\FNRB32.EXE
  C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
  C:\Program Files\F-Secure\Common\FIH32.EXE
  C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
  C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
  C:\Program Files\F-Secure\FSGUI\fsguidll.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Documents and Settings\ville\Omat tiedostot\HijackThis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O2 - BHO: Helper - {CEDB3E8F-9293-A485-366F-376283B59030} - C:\WINDOWS\system\hmqtse32.dll
  O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
  O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
  O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
  O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
  O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
  O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
  O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
  O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
  O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
  O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - Unknown owner - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\ (file missing)
  O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
  Escan
  Ohjeet tuolla sivulla.
  http://koti.mbnet.fi/pattaya1/escanmwav.htm
  lataa tuosta
  http://www.spywareinfo.dk/download/mwav.exe
  päivitä tuosta
  http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
  laita täpit merkkauksien mukaan
  http://koti.mbnet.fi/pattaya1/eScan6.jpg
  
  scannaa
  
  jos ala luukkuun tulee jotain niin kopioi se näin:
  Käytä komentoa Ctrl A.
  Kopioi rivit komennolla Ctrl C.
  Liitä rivit komennolla Ctrl V.
  
  Laita virus log tänne.

Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

Takaisin ylös

Luetuimmat keskustelut

Milloin viimeksi näit ikäväsi kohteen?
Oliko helppo tunnistaa hänet? Millaisia tunteita tuo näkeminen herätti sinussa?
18.05.2024 15:22Ikävä
69
1335
En tiedä..
Yhtään minkälainen miesmaku sinulla on. itse arvioin sinua moneenkin otteeseen ja joka kerta päädyin samaan lopputulokse
18.05.2024 14:21Ikävä
106
1227
Suhde asiaa
Miksi et halua suhdetta kanssani?
18.05.2024 18:59Ikävä
113
1165
Kirjoita nainen meistä jotain tänne
tai minusta, ihan mitä haluat. Niinkin voi kirjoittaa, etteivät muut tunnista, esim. meidän kahdenkeskisistä jutuista. K
18.05.2024 21:44Ikävä
73
1080
Paras olisi vain unohtaa
Tuleekohan tähän meidän tilanteeseen ikinä mitään selvyyttä. Epätoivo iskee taas, enkä jaksaisi enää odottaa. Kohta lop
19.05.2024 13:11Ikävä
61
916
IS viikonloppu 18-19.5.2024.
Laatija Toni Pitkälä on itse laatinut ja kuvittanut 3- arvoista ristikkonsa. Nihkeästi tuntuu löytyvän ensimmäisiä var
18.05.2024 08:25Sanaristikot
76
762
Oliko vähä sometettu taas vai?
Tuli aiva liika nopiaa traktorin perä vastahan. https://www.iltalehti.fi/kotimaa/a/2b3857b3-f2c6-424e-8051-506c7525223a
18.05.2024 13:11Kauhava
9
702
Voisitko laittaa
Nimesi ensimmäisen ja kaksi viimeistä kirjainta tähän?
19.05.2024 10:28Ikävä
41
701
Kristityn megahyökkäys idän palstoilla on kauhistuttava
Terroristikristityn megahyökkäys joka puolella on kauhistuttava, hänen viesteissään on järjetön määrä vihaa. Hän on idän
18.05.2024 22:50Idän uskonnot
362
679
S on minun etunimen kolmas kirjain.
Mikä sinun etunimen kolmas kirjain on?
18.05.2024 18:11Ikävä
53
666

Nyt tarttis apua!

Vastaukset

dodd kirjoitti:

----- kirjoitti:

dodd kirjoitti:

----- kirjoitti:

dodd kirjoitti:

Luetuimmat keskustelut

Milloin viimeksi näit ikäväsi kohteen?

En tiedä..

Suhde asiaa

Kirjoita nainen meistä jotain tänne

Paras olisi vain unohtaa

IS viikonloppu 18-19.5.2024.

Oliko vähä sometettu taas vai?

Voisitko laittaa

Kristityn megahyökkäys idän palstoilla on kauhistuttava

S on minun etunimen kolmas kirjain.

Suomen Pallolitto: Tasoryhmät lasten jalkapallossa - Erätauko-tilaisuus ma 20.5.2024

Jennika Vikman avoimena - Isosisko Erika Vikman ohjeisti napakasti Tähdet, tähdet -kisaan: "Älä.."

Tähdet, tähdet -tippuja Sara Chafak uskoo tähän yliluonnolliseen: "Se on niinkin yksinkertaista..."

Tiesitkö? Farmi Suomi Kirsikka Simberg on tämän julkkisnaisen tytär - Katso tyrmäävät mallikuvat!

Tuhdit oluet kauppoihin. Miksi vastustaa?

Miksi jollain jää "talvi päälle"

Seiska: Teemu Roivainen paljastaa, miten käytti Selviytyjät 30 000 voittorahat: "Menivät..."

Tuhoaako tekoäly maailman?

Miksi koulut pakottavat

Oi, mikä upea luksusmökki! Hanna Kinnunen avaa ovet Lapin huvilalle - Katso kuvat tästä!