4 troijalaista, kuinka saan ne pois?

Aip · Nov 19, 2007

Ja hjt loki tässä. Ainakin edelleen kone käynnistelee (näyttää fujitsu-siemens kuvaketta) ainakin 15min.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:05, on 19.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [noskrnl] C:\WINDOWS\noskrnl.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: _install.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF3A91D-1E12-4219-894E-AB15AD81DD72}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{4065C858-FBF2-40F8-A07A-461D8A881B5D}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9DAB53E-F207-4772-A0C2-81226732C03F}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9496BC9-D2D0-446E-BC9C-4ED8B04EB966}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9046C7-5E49-47E2-BB0F-9ACAB3B22779}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCE562B2-6BA5-4701-BFCE-CD7A8B8754AE}: NameServer = 204.110.160.192
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF3A91D-1E12-4219-894E-AB15AD81DD72}: NameServer = 204.110.160.192
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DF3A91D-1E12-4219-894E-AB15AD81DD72}: NameServer = 204.110.160.192
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5988 bytes

Aip · Nov 19, 2007

Joo, vielä on madot koneella.

tomato71 · Nov 20, 2007

aivan....

katsotaan...

Onko koneellasi jotain tekemistä tällasen kanssa ??? DNS04.UNILEVER.COM

Tee uusi hjt-scannaus Do a System scan only
Sulje kaikki muut ikkunat ja selaimen.Merkkaa nämä rivit ja paina Fix checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [noskrnl] C:\WINDOWS\noskrnl.exe (User 'SYSTEM')
O4 - Global Startup: _install.exe

Lataa http://www.funkytoad.com/download/HostsXpert.zip
*Pura HostsXpert sopivaan kansioon, kuten C:\Hoster
*Aja HostsXpert.exe sen uudesta kansiosta
*Klikkaa "Make Hosts Writable?" oikeassa yläkulmassa (jos toiminnassa)
*Klikkaa "Restore Microsoft's Hosts File" ja sitten OK
*Sulje ohjelma.
Huomaa: JOS käytit mukautettuja Hosts-filuja, sinun täytyy laittaa yksikin niistä riveistä itse takaisin.

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi:
*Käynnistä tietokone
*Kun kuulet koneen piippaavan, paina F8, kuitenkin ennen Windowsin logon esiintuloa
*Seuraavaksi pitäisi ilmestyä valikko
*Valitse valikosta vikasietotila.

* Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio). Työpöydälle ilmestyy sdfix.exe. Tuplakilikkaa sitä, niin tiedosto purkaantuu ja asentaa itsensä siihen levyasemaan, minne on käyttöjärjestelmä on asennettu ja juureen ilmestyy kansio SDFix, ESIM c:\SDFix
* Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
* Paina Y käynnistääksesi skriptin.
* Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
* Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
* Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
* Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
* Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
* Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix.exe
combofix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

Lähetä Report.txt(Sdfix) + C:\ComboFix.txt + uusi hjt-loki

Aip · Nov 20, 2007

HostsXpertissä ei löydy tätä: Klikkaa "Restore Microsoft's Hosts File" ja sitten OK
jatkanko silti eteenpäin vai mistä toi oikein löytyy?

tomato71 · Nov 21, 2007

jatka sdfixin kanssa

Aip · Dec 2, 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:53, on 2.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\RunOnce: [SDFix] C:\SDFix\RunThis.cmd /second
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF3A91D-1E12-4219-894E-AB15AD81DD72}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{4065C858-FBF2-40F8-A07A-461D8A881B5D}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9DAB53E-F207-4772-A0C2-81226732C03F}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9496BC9-D2D0-446E-BC9C-4ED8B04EB966}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9046C7-5E49-47E2-BB0F-9ACAB3B22779}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCE562B2-6BA5-4701-BFCE-CD7A8B8754AE}: NameServer = 204.110.160.192
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF3A91D-1E12-4219-894E-AB15AD81DD72}: NameServer = 204.110.160.192
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DF3A91D-1E12-4219-894E-AB15AD81DD72}: NameServer = 204.110.160.192
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5745 bytes

Aip · Dec 2, 2007

ComboFix 07-12-02.5 - Järjestelmänvalvoja 2007-12-02 18:43:44.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.842 [GMT 2:00]
Running from: M:\ComboFix2.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\autos.exe
C:\Documents and Settings\Henkka\Käynnistä-valikko\Ohjelmat\Käynnistys\infos.exe
C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko\Ohjelmat\Käynnistys\infos.exe
C:\Documents and Settings\Pia M\Käynnistä-valikko\Ohjelmat\Käynnistys\infos.exe
C:\WINDOWS\draste.exe
C:\WINDOWS\system32\proper.exe
C:\WINDOWS\system32\winter.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_XLAVBA8
-------\xlavba8

((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2007-11-02 to 2007-12-02 )))))))))))))))))
.

2007-12-02 14:41 . 2007-12-02 14:41 <KANSIO> d-------- C:\WINDOWS\SDFIX
2007-11-18 14:06 . 2007-11-18 22:59 3,112 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-18 14:05 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-18 14:05 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-18 14:05 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-18 14:05 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-18 14:05 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-13 15:52 . 2007-11-13 15:52 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-11-08 10:51 . 2007-11-08 10:51 <KANSIO> dr------- C:\Documents and Settings\LocalService\Suosikit
2007-11-08 10:18 . 2007-11-08 09:57 124,258 --a--c--- C:\WINDOWS\system32\dllcache\_install.exe
2007-11-08 10:18 . 2007-11-08 09:57 124,258 --a------ C:\WINDOWS\system32\_install.exe
2007-11-08 10:17 . 2007-11-08 09:57 124,258 --a------ C:\WINDOWS\_install.exe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-18 11:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-12 19:20 --------- d-----w C:\Program Files\Norton Security Scan
2007-11-08 08:15 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-08 08:15 --------- d-----w C:\Program Files\MSN Messenger
2007-11-08 08:15 --------- d-----w C:\Program Files\Microsoft Works
2007-11-08 08:14 --------- d-----w C:\Program Files\Google
2007-11-08 07:05 168 ----a-w C:\Documents and Settings\Henkka\Application Data\wklnhst.dat
2007-11-07 17:41 28,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 17:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 17:31 --------- d-----w C:\Program Files\Java
2007-09-13 19:21 754 ----a-w C:\Documents and Settings\Pia M\Application Data\wklnhst.dat
.

(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-15 14:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-07-20 22:07 C:\WINDOWS\system32\nwiz.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 11:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 11:24]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00]
"SDFix"="C:\SDFix\RunThis.bat /second" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SDFix"="C:\SDFix\RunThis.cmd /second" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 14:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 09:13]

.
'Ajoitetut teht„v„t'-kansion sis„lt”
"2007-11-09 14:34:38 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 19:15:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 19:16:28 - machine was rebooted
.
--- E O F ---

Aip · Dec 2, 2007

SDFix: Version 1.116

Run by J„rjestelm„nvalvoja on su 02.12.2007 at 14:41

Microsoft Windows XP [versio 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
noskrnl.sys

Path:
\??\C:\WINDOWS\system32\noskrnl.sys

noskrnl.sys - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

tomato71 · Dec 2, 2007

se sdfixin loki ei ollu kokonaisena

Aip · Dec 2, 2007

Tuollainen pätkä siinä oli mutta tällainen tuli myös nyt kun käynnisti normaalitilassa:

SDFix: Version 1.116

Run by J„rjestelm„nvalvoja on su 02.12.2007 at 14:41

Microsoft Windows XP [versio 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
noskrnl.sys

Path:
\??\C:\WINDOWS\system32\noskrnl.sys

noskrnl.sys - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\away.exe.exe - Deleted
C:\WINDOWS\noskrnl.config - Deleted
C:\WINDOWS\noskrnl.exe - Deleted
C:\WINDOWS\system32\noskrnl.sys - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 20:28:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xf9\x2022\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

scanning hidden files ...

C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\margareta_blacke@hotmail.com\DFSR\Staging\CS{131ADD09-11FF-BB3E-946C-761544D4A8F2}\01\10-{131ADD09-11FF-BB3E-946C-761544D4A8F2}-v1-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\margareta_blacke@hotmail.com\DFSR\Staging\CS{131ADD09-11FF-BB3E-946C-761544D4A8F2}\13\49-{20BB680D-1B79-4D86-9EE9-58F20A3C5AD1}-v13-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 3810 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\margareta_blacke@hotmail.com\DFSR\Staging\CS{131ADD09-11FF-BB3E-946C-761544D4A8F2}\13\49-{20BB680D-1B79-4D86-9EE9-58F20A3C5AD1}-v13-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v49-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 424 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_home@hotmail.com\DFSR\Staging\CS{20A6100A-91FE-1832-14F3-188261F75D6E}\01\14-{20A6100A-91FE-1832-14F3-188261F75D6E}-v1-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\01\15-{DA071C44-180C-DBC4-E41E-A74CD1A7765F}-v1-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\12\59-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v12-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 89922 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\12\59-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v12-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 10080 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\13\50-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v13-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v50-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 24096 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\13\50-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v13-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v50-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2672 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\14\51-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v14-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v51-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 46110 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\14\51-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v14-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v51-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5160 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\15\52-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v15-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 18264 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\15\52-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v15-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v52-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2056 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\16\53-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v16-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v53-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 45732 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\16\53-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v16-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v53-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5072 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\17\54-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v17-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 39450 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\17\54-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v17-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v54-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4392 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\18\55-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v18-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v55-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 31134 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\18\55-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v18-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v55-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3512 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\19\56-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v19-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 29712 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\19\56-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v19-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3280 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\20\57-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v20-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v57-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 29640 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\20\57-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v20-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v57-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3248 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\21\58-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v21-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 29982 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\21\58-{C78C2982-E88B-4DB6-941A-718DA8D68C32}-v21-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3376 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\47\63-{20BB680D-1B79-4D86-9EE9-58F20A3C5AD1}-v47-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v63-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 31602 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\47\63-{20BB680D-1B79-4D86-9EE9-58F20A3C5AD1}-v47-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v63-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3544 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\48\61-{20BB680D-1B79-4D86-9EE9-58F20A3C5AD1}-v48-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v61-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 82866 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\48\61-{20BB680D-1B79-4D86-9EE9-58F20A3C5AD1}-v48-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v61-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 9320 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\49\62-{20BB680D-1B79-4D86-9EE9-58F20A3C5AD1}-v49-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v62-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 107400 bytes hidden from API
C:\Documents and Settings\Pia M\Local Settings\Application Data\Microsoft\Messenger\maryanblacke@hotmail.com\SharingMetadata\nicke_krokfors@hotmail.com\DFSR\Staging\CS{DA071C44-180C-DBC4-E41E-A74CD1A7765F}\49\62-{20BB680D-1B79-4D86-9EE9-58F20A3C5AD1}-v49-{B9F6412E-A2CB-4442-B2F4-8CF69059524F}-v62-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 11832 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 31

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 23 Sep 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 20 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

tomato71 · Dec 2, 2007

ja sitten...

Lataa CCleaner tästä
*Asennuksessa poista merkki/rasti kohdasta "asenna Yahoo! toolbar/työkalupalkki".
*Asennuksen jälkeen aukaise CCleaner.
*Valitse vasemmalta pystyrivistä Options.
*Valitse viereisestä pystyrivistä Settings.
*Language kohtaan valitse Suomi.
Puhdistaja
*Valitse vasemmalta pystyrivistä Puhdistaja.
*Paina alhaalta Tutki.
Nyt CCleaner tutkii, mitä voidaan poistaa (tempit, cookiessit jne.).
*Kun tutkiminen on valmis, paina Aja CCleaner.
Nyt CCleaner poistaa löydetyt tempit, cookiessit jne.
Rekisterin virheiden korjaus
*Valitse vasemmalta pystyrivistä Virheet.
*Paina alhaalta Etsi rekisterin virheitä.
*Kun etsintä on valmis ja olet varma, että haluat korjata ne rivit jotka ovat merkattuja, niin paina Korjaa valitut rekisterin virheet.
*Sinulta kysytään "haluatko varmuuskopioida muutokset rekisteriin", paina Kyllä. Tallenna varmuuskopio vaikka "Omat tiedostot" -kansioon.
*Klikkaa uudesta aukeavasta ikkunasta Korjaa kaikki valitut virheet.
*Saat vielä varmistus kysymyksen, paina Ok.
*Kun virheet on korjattu, paina Sulje.
*Nyt voit suljea CCleanerin painamalla oikealta ylhäältä punaista rastia.

Skannaa koneesi Kaspersky Online Skannerilla
Käytä Internet Explorer
Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.

Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.

Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.

Klikkaa nyt asetuksia, Scan Settings

Tarkista asetuksista, että seuraavat ovat valittuina:

o Scan using the following Anti-Virus database:

+ Extended (Jos valittavissa, muuten valitse Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Klikkaa OK

Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer

Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.

Klikkaa nyt Save as Text-painiketta.

Tallenna tiedosto työpöydällesi.

Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi

Aip · Dec 2, 2007

ccleanerin vedin läpi mutta toi online scanneri ei onnistu kun jostain syystä koneessa ei toimi netti. Yhteydessä ei ole vikaa kun tämä kannettava pääsee kyllä nettiin. Onko jotain ohjelmaa jonka sais ladattua ja tikun kautta ajettua?

tomato71 · Dec 2, 2007

kokeile tämä

http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml

Aip · Dec 9, 2007

Tuo toimi ja putsasi, mutta lokia ei antanut (?) Nyt pelittää jo paremmin. Tässä hjt loki:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:23, on 9.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF3A91D-1E12-4219-894E-AB15AD81DD72}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{4065C858-FBF2-40F8-A07A-461D8A881B5D}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9DAB53E-F207-4772-A0C2-81226732C03F}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9496BC9-D2D0-446E-BC9C-4ED8B04EB966}: NameServer = 204.110.160.192
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9046C7-5E49-47E2-BB0F-9ACAB3B22779}: NameServer = 204.110.160.192
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DF3A91D-1E12-4219-894E-AB15AD81DD72}: NameServer = 204.110.160.192
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DF3A91D-1E12-4219-894E-AB15AD81DD72}: NameServer = 204.110.160.192
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6591 bytes

tomato71 · Dec 13, 2007

moi
loki on ok

Log in or Sign up

4 troijalaista, kuinka saan ne pois?

Aip Member

Aip Member

tomato71 Regular member

Aip Member

tomato71 Regular member

Aip Member

Aip Member

Aip Member

tomato71 Regular member

Aip Member

tomato71 Regular member

Aip Member

tomato71 Regular member

Aip Member

tomato71 Regular member

Share This Page

Log in or Sign up

4 troijalaista, kuinka saan ne pois?

Aip Member

Aip Member

tomato71 Regular member

Aip Member

tomato71 Regular member

Aip Member

Aip Member

Aip Member

tomato71 Regular member

Aip Member

tomato71 Regular member

Aip Member

tomato71 Regular member

Aip Member

tomato71 Regular member

Share This Page

Useful Searches