#1
Well, I've never seen this before, but whenever I click the Search button in Windows and run a search, it stays on "Searching" for files even though I click the Stop button. I'm not sure if it's a virus, but it really bothers me, because if I want to search for another file I have to close the window and open it again... Another thing that keeps bothering me: when I'm in Firefox, for example, if I'm watching YouTube videos in full screen it drops back to a small window after a while, over and over again, or if I'm typing something, for some mysterious reason I can't type anymore, as if I had selected another window or something... I then have to go back to Firefox to continue typing (which has happened more than 10 times just in this little message... it's driving me crazy, I'm telling you!). My PC is acting strange, and according to Kaspersky antivirus there is nothing wrong... I've worked with computers for a long time, but this is something I haven't seen and haven't heard of yet... maybe I'm getting paranoid.
#2
Let's take a closer look. Download and rename HijackThis (HJT)
#3
This is what I get:
#4
Yep, you have a few nasty ones in there.

1. It has disabled your antivirus.
2. It is a mass-mailing worm with backdoor and keylogging capabilities.
3. It has set restrictions on the Control Panel.

---------------

Please download ComboFix by sUBs from either here or here.

IMPORTANT - Save ComboFix.exe to your Desktop.

In your next post include the ComboFix log and a new HijackThis log.
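A defender-side way to pull findings like the three above out of a HijackThis log (a process name imitating a core Windows binary, an extra executable appended to UserInit, Internet Explorer policy restrictions, a Winlogon Notify DLL, and the expected antivirus process not running): an added Python triage script, not code from this forum or from HijackThis or ComboFix. The sample log, the `avp.exe` expectation and the short list of core binaries are constructed assumptions modeled on the entries in this thread.

```python
import re
from typing import Optional

# Constructed sample in HijackThis v2.0 log format, modeled on the entries in this
# thread's log (a look-alike process, a UserInit addition, IE policy restrictions,
# a Winlogon Notify DLL). It is not the poster's full log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SVOHOST.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ODBCJET.exe,
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: usbmon - C:\WINDOWS\system32\usbmons.dll
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program\LogMeIn\x86\LogMeIn.exe
"""

# Core Windows binaries whose names malware imitates with one-character changes.
# Assumption: a short illustrative list, not an exhaustive one.
CORE_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "explorer.exe")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch look-alikes such as SVOHOST vs svchost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(filename: str) -> Optional[str]:
    """Return the core binary that `filename` imitates (edit distance 1), else None."""
    name = filename.lower()
    if name in CORE_BINARIES:
        return None
    for core in CORE_BINARIES:
        if edit_distance(name, core) == 1:
            return core
    return None


def image_name(command: str) -> str:
    """Strip quotes and arguments from a command line and return the file name."""
    command = command.strip()
    path = command[1:command.find('"', 1)] if command.startswith('"') else command.split(" ")[0]
    return path.rsplit("\\", 1)[-1]


def triage(log: str, expected_av_process: str = "avp.exe") -> list:
    """Return (code, detail) findings; expected_av_process is the AV the user says is installed."""
    findings = []
    lines = log.splitlines()
    # Running-process section: from the header down to the first blank line.
    procs = []
    start = next((i for i, ln in enumerate(lines) if ln.lower().startswith("running processes")), None)
    if start is not None:
        for ln in lines[start + 1:]:
            if not ln.strip():
                break
            procs.append(image_name(ln))
    if expected_av_process and expected_av_process.lower() not in {p.lower() for p in procs}:
        findings.append(("av-missing", expected_av_process))
    for p in procs:
        core = lookalike_of(p)
        if core:
            findings.append(("lookalike-process", f"{p} -> {core}"))
    for ln in lines:
        m = re.match(r"F2 - REG:system\.ini: UserInit=(.*)", ln)
        if m:
            # Only userinit.exe belongs here; anything else is launched at every logon.
            for part in m.group(1).split(","):
                if part.strip() and image_name(part).lower() != "userinit.exe":
                    findings.append(("userinit-hijack", image_name(part)))
            continue
        m = re.match(r"O4 - .+?: \[(.+?)\] (.+)", ln)
        if m:
            core = lookalike_of(image_name(m.group(2)))
            if core:
                findings.append(("autorun-lookalike", f"[{m.group(1)}] {image_name(m.group(2))} -> {core}"))
            continue
        if ln.startswith("O6 - "):
            # IE/Control Panel policy keys are rare on a home PC and explain locked-out settings.
            findings.append(("ie-policy", ln[5:].removesuffix(" present")))
        elif ln.startswith("O20 - Winlogon Notify:"):
            # A Winlogon Notify DLL is loaded into winlogon.exe at logon; always review it.
            findings.append(("winlogon-notify", ln.rsplit(" - ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code:18} {detail}")
```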
#5
#6
That got a few of them, but there are still more.

Download SDFix.exe and save it to your Desktop. Double-click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, usually C:\SDFix). Then please restart the computer in Safe Mode by doing the following:

In your next post include the SDFix log and a new HijackThis log.
#7
Problem solved. :) Thanks
#9
No prob.