Orcs in my computer. HELP!!!

Discussion in 'Viruses and malware - HijackThis logs' started by akslei, Nov 12, 2007.

  1. akslei

    akslei Regular member

    Joined:
    Oct 18, 2006
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    26
    Here is the HJT log.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:50:17, on 6.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\steam\steam.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HiJackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=fin
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
    O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{039560D5-8E82-4676-9815-B8F9A48CDDF6}: NameServer = 85.255.115.28,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5A71312F-356D-4E0D-8198-3168A75AF658}: NameServer = 85.255.115.28,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{70BB7B76-3FF9-423F-A1AC-7F44EB01A9EF}: NameServer = 85.255.115.28,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{94879802-265A-4EE5-8BF3-CEA4D74D3BB0}: NameServer = 85.255.115.28,85.255.112.200
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200
    O17 - HKLM\System\CS1\Services\Tcpip\..\{039560D5-8E82-4676-9815-B8F9A48CDDF6}: NameServer = 85.255.115.28,85.255.112.200
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200
    O17 - HKLM\System\CS2\Services\Tcpip\..\{039560D5-8E82-4676-9815-B8F9A48CDDF6}: NameServer = 85.255.115.28,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 7091 bytes
     
  2. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    Hi
    Using Add/Remove Programs, uninstall DAEMON Tools SearchBar and anything starting with WhenU, if found.

    Delete the folder C:\Program Files\DAEMON Tools SearchBar and any folders starting with WhenU, if found.

    Run a new HJT scan with "Do a system scan only".
    Close all other windows and the browser. Check these lines and press "Fix checked":


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
    O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
    O17 - HKLM\System\CCS\Services\Tcpip\..\{039560D5-8E82-4676-9815-B8F9A48CDDF6}: NameServer = 85.255.115.28,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5A71312F-356D-4E0D-8198-3168A75AF658}: NameServer = 85.255.115.28,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{70BB7B76-3FF9-423F-A1AC-7F44EB01A9EF}: NameServer = 85.255.115.28,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\..\{94879802-265A-4EE5-8BF3-CEA4D74D3BB0}: NameServer = 85.255.115.28,85.255.112.200
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200
    O17 - HKLM\System\CS1\Services\Tcpip\..\{039560D5-8E82-4676-9815-B8F9A48CDDF6}: NameServer = 85.255.115.28,85.255.112.200
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200
    O17 - HKLM\System\CS2\Services\Tcpip\..\{039560D5-8E82-4676-9815-B8F9A48CDDF6}: NameServer = 85.255.115.28,85.255.112.200
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200



    Download fixwareout.exe from here > Here
    or > Here
    and save it to the desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure "Run fixit" is selected. You must restart the computer when prompted.

    Post a new HJT log and the contents of c:\fixwareout\report.txt
     
  3. akslei

    Username "Junnu" - 13.11.2007 16:52:47 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kdvsy.exe"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{039560D5-8E82-4676-9815-B8F9A48CDDF6}
    "DhcpNameServer"="85.255.115.28,85.255.112.200" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5A71312F-356D-4E0D-8198-3168A75AF658}
    "DhcpNameServer"="85.255.115.28,85.255.112.200" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{94879802-265A-4EE5-8BF3-CEA4D74D3BB0}
    "DhcpNameServer"="85.255.115.28,85.255.112.200" <Value cleared.

    DNS-tulkintatoiminnon välimuistin tyhjentäminen onnistui.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....
    ~~~~~ Other
    C:\WINDOWS\Temp\kdvsy.ren 72211 13.06.2007

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE"
    "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
    "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
    "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"
    "AdobeUpdater"="C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~



    and the HJT log:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:56:43, on 13.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=fin
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6454 bytes

     
  4. tomato71

    And then...
    It would be good to install a firewall on the computer, from here ---> free

    Uninstall ShoppingReport via Add/Remove Programs.


    Run a new HJT scan with "Do a system scan only".
    Close all other windows and the browser. Check these lines and press "Fix checked":

    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll




    Save these instructions to a text file or print them, otherwise you will not be able to access them in Safe Mode.

    Download AVG Anti-Spyware 7.5 and save the program to your desktop.
    *Once you have downloaded the program, double-click the installer's icon on your desktop and the installation will start.
    *After installation, the program must be started and its definitions updated.
    *Start AVG Anti-Spyware.
    *Click the "Update" icon in the main menu. Then click the "Update now" button.
    *Then click the "Start Update" icon, and the update will begin.

    *Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    *When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    *Then, under the "Reports" menu:
    *Uncheck "Automatically generate report after every scan"
    *Uncheck "Only if threats were found"

    *Then click the "Shield" icon at the top of the window
    *Under "Resident shield is", change the state from active to inactive
    *Close the program, do NOT scan yet.
    Boot your computer into Safe Mode, Instructions!

    Delete the folder!!!!!!: C:\Program Files\ShoppingReport

    NOTE! Do not use other programs during the AVG scan, as this may interfere with the scan.
    *Once in Safe Mode, start AVG Anti-Spyware.
    *Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    *AVG will now start scanning the computer; be patient, as the scan takes time.

    When the scan is finished:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    *Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
    *You will be asked what to do if infections were found; in that case select "Apply all actions"
    *Then click the "Reports" icon at the top of the program.
    *Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    *Close the program, start the computer normally and post the AVG report to your thread.


    Post the AVG log and a new HJT log
     
  5. akslei

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 21:30:55 13.11.2007

    + Scan result:



    HKLM\SOFTWARE\WhenUSearch -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSearch\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSearch\Partners\desktop -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSearch\WHSE -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{8AE2DB22-63C1-4EEB-85F4-779186E6CE38}\RP41\A0005657.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned with backup (quarantined).
    :mozilla.364:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.365:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.366:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.367:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.105:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.106:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.107:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.99:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
    :mozilla.193:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.155:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.158:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.159:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.160:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.161:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.186:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Junnu\Cookies\junnu@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.112:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.113:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.114:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.115:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.116:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.117:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.118:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.119:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.121:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.359:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
    :mozilla.360:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
    :mozilla.361:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
    :mozilla.362:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
    :mozilla.363:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
    :mozilla.34:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.321:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
    :mozilla.322:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
    :mozilla.249:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
    :mozilla.120:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.122:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.123:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.357:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
    :mozilla.358:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
    :mozilla.178:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.179:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.181:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.207:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.376:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.435:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.199:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.200:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.204:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.315:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.290:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.291:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.313:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
    :mozilla.17:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.397:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.398:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.399:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.400:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.424:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.138:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.139:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.140:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.141:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.142:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.143:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Junnu\Cookies\junnu@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Junnu\Cookies\junnu@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.438:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.441:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.100:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.13:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\Documents and Settings\Junnu\Cookies\junnu@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.147:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.148:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.149:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.150:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.151:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.125:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.83:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.103:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.104:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.108:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.109:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.110:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.111:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Junnu\Cookies\junnu@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end



    and the HJT log:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:37:17, on 13.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=fin
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6359 bytes
     
  6. tomato71

    tomato71 Regular member

    The log is OK
    any problems still???
     
  7. akslei

    akslei Regular member

    Not anymore. Thanks!
     
  8. tomato71

    tomato71 Regular member

    Final cleanup still to do

    Download Atribune's ATF Cleaner

    Instructions:

    Double-click ATF-Cleaner.exe to start the program.
    Under Main, choose: Select All
    Click the Empty Selected option.

    If you use Firefox as your browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected option.
    NOTE: If you would like to keep your saved passwords, click No when it asks.

    If you use Opera as your browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected option again.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)


    Emptying the AVG trash

    You can empty AVG's quarantine:
    Open AVG Anti Spyware
    -> Infections
    -> Select All
    -> Remove finally
    -> Yes (Kyllä)
    -> Close the program

    Empty the Recycle Bin

    Clean out System Restore:
    1. Right-click the My Computer (Oma tietokone) icon in the Start menu
    2. Choose Properties (Ominaisuudet)
    3. Choose the System Restore (Järjestelmän palauttaminen) tab
    4. Select "Turn off System Restore" on all drives (Poista järjestelmän palauttaminen kaikissa asemissa)
    5. Press Apply (Käytä)
    6. Press OK
    7. Restart the computer
    8. Restore the settings back
     
