Addtool

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by JaHaka, Mar 10, 2008.

  1. JaHaka

    JaHaka Member

    Joined:
    Jun 15, 2007
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Onko pöpöjä?
    Koneeseeni ilmestyi: "Addtool.win32.mywebsearch.bm"

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:54:38, on 6.3.2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\conime.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=73&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=73&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=73&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 6097 bytes
     
    JaHaka, Mar 10, 2008
    #1
  2. Hujo

    Hujo Guest

    • Avaa HiJackThis
    • Klikkaa "Configure" valintaa oikealla alhaalla
    • Klikkaa "Misc Tools"
    • Klikkaa boxia joka sanoo "Uninstall Manager"
    • Klikkaa valintaa "Save list"
    • Kopioi ja liitä kyseinen lista muistiosta postiisi
     
    Hujo, Mar 10, 2008
    #2
  3. JaHaka

    JaHaka Member

    Joined:
    Jun 15, 2007
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Ad-Aware 2007
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8 - Suomi
    Adobe Shockwave Player
    Advanced WindowsCare Personal 2.7.0
    AirXonix version 1.37
    AVG Anti-Spyware 7.5
    EasyCleaner
    Elisa Tietoturvapalvelu
    FreshDiagnose
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Hardware Diagnostic Tools
    HijackThis 2.0.2
    Hot Racing
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Easy Setup - Frontend
    HP On-Screen Cap/Num/Scroll Lock Indicator
    HP Picasso Media Center Add-In
    HP Update
    Intel(R) Matrix Storage Manager
    Java(TM) 6 Update 5
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox (2.0.0.12)
    Mozilla Thunderbird (2.0.0.12)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    muvee autoProducer 6.0
    My Worst Day WW2 v.1.98a
    neroxml
    NVIDIA Drivers
    Pirate Bay
    Python 2.4.3
    RealPlayer
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Spybot - Search & Destroy
    Steam
    Tehostettu multimedianäppäimistöratkaisu
    Windows Live installer
    Windows Live Messenger
    WinRAR archiver

     
    JaHaka, Mar 11, 2008
    #3
  4. Hujo

    Hujo Guest

    1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
    combofix1
    combofix2

    2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
    3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
    Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
     
    Hujo, Mar 11, 2008
    #4
  5. JaHaka

    JaHaka Member

    Joined:
    Jun 15, 2007
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Tässä Combofix logi:

    ComboFix 08-03-10.1 - 2008-03-12 20:20:35.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.2100 [GMT 2:00]
    Running from: C:\Downloads\ComboFix.exe
    * Created a new restore point
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-12 to 2008-03-12 )))))))))))))))))
    .

    Tiedostoja ei ole luotu tällä aikavälillä

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-12 18:15 --------- d-----w C:\Program Files\Steam
    2008-03-12 08:26 --------- d-----w C:\Program Files\Common Files\Steam
    2008-03-11 20:10 --------- d-----w C:\ProgramData\Nero
    2008-03-11 20:10 --------- d-----w C:\Program Files\Common Files\Nero
    2008-03-11 19:47 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-03-11 19:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-11 19:22 --------- d-----w C:\Users\Jari\AppData\Roaming\Nero
    2008-03-11 19:17 --------- d-----w C:\Program Files\Nero
    2008-03-10 23:10 --------- d-----w C:\Users\Jari\AppData\Roaming\uTorrent
    2008-03-10 11:20 --------- d-----w C:\Users\Paula\AppData\Roaming\Grisoft
    2008-03-10 11:20 --------- d-----w C:\Users\ALEKSI\AppData\Roaming\Grisoft
    2008-03-10 07:05 --------- d-----w C:\Program Files\greenstreet
    2008-03-09 20:04 --------- d-----w C:\Program Files\Ahead
    2008-03-09 20:03 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-03-09 19:59 --------- d-----w C:\ProgramData\LightScribe
    2008-03-09 19:47 --------- d-----w C:\Users\Jari\AppData\Roaming\Roxio
    2008-03-09 14:09 --------- d-----w C:\Program Files\MyRealGames.com
    2008-03-09 06:42 --------- d-----w C:\Users\Meri\AppData\Roaming\Grisoft
    2008-03-08 20:02 --------- d-----w C:\ProgramData\Steam
    2008-03-08 20:02 --------- d-----w C:\ProgramData\PopCap Games
    2008-03-08 17:39 --------- d-----w C:\Program Files\Java
    2008-03-08 17:37 --------- d-----w C:\Program Files\Common Files\Java
    2008-03-08 15:28 --------- d-----w C:\Users\Jari\AppData\Roaming\Grisoft
    2008-03-08 15:28 --------- d-----w C:\ProgramData\Grisoft
    2008-03-08 12:42 --------- d-----w C:\Users\Jari\AppData\Roaming\Pirates of the Atlantic
    2008-03-08 12:27 --------- d-----w C:\Program Files\My Worst Day WW2
    2008-03-08 12:11 --------- d-----w C:\Users\Jari\AppData\Roaming\F-Secure
    2008-03-08 11:49 --------- d-----w C:\Program Files\uTorrent
    2008-03-08 09:47 --------- d-----w C:\Users\ALEKSI\AppData\Roaming\Roxio
    2008-03-07 15:50 --------- d-----w C:\Users\Paula\AppData\Roaming\Talkback
    2008-03-06 19:27 --------- d-----w C:\ProgramData\NVIDIA
    2008-03-06 18:53 --------- d-----w C:\Users\Jari\AppData\Roaming\WinBatch
    2008-03-06 18:42 --------- d-----w C:\Program Files\FreshDevices
    2008-03-06 16:28 --------- d-----w C:\Program Files\IObit
    2008-03-06 16:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-06 16:20 --------- d-----w C:\Program Files\ToniArts
    2008-03-06 15:53 --------- d-----w C:\Program Files\Trend Micro
    2008-03-06 15:40 --------- d-----w C:\ProgramData\Lavasoft
    2008-03-05 16:41 --------- d-----w C:\ProgramData\Sonic
    2008-03-05 15:41 --------- d-----w C:\Users\ALEKSI\AppData\Roaming\Talkback
    2008-03-05 11:49 --------- d-----w C:\Users\Paula\AppData\Roaming\Thunderbird
    2008-03-05 11:40 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-03-05 11:34 --------- d-----w C:\Users\Meri\AppData\Roaming\Talkback
    2008-03-05 11:30 --------- d-----w C:\Users\Meri\AppData\Roaming\Thunderbird
    2008-03-05 11:23 --------- d-----w C:\Users\Jari\AppData\Roaming\Thunderbird
    2008-03-05 09:28 --------- d-----w C:\Program Files\Microsoft.NET
    2008-03-05 09:23 9,344 ----a-w C:\Windows\system32\drivers\NSDriver.sys
    2008-03-05 09:23 8,320 ----a-w C:\Windows\system32\drivers\AWRTRD.sys
    2008-03-05 09:23 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2008-03-05 09:19 --------- d-----w C:\Program Files\Lavasoft
    2008-03-05 09:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-05 07:43 --------- d-----w C:\Users\Jari\AppData\Roaming\Talkback
    2008-03-04 23:29 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-04 21:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-04 21:37 --------- d-----w C:\Program Files\Windows Live
    2008-03-04 21:33 --------- d-----w C:\ProgramData\WLInstaller
    2008-03-04 21:27 5,120 ----a-w C:\Windows\System32\wmi.dll
    2008-03-04 21:27 152,576 ----a-w C:\Windows\System32\imagehlp.dll
    2008-03-04 21:27 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
    2008-03-04 21:23 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-03-04 21:14 --------- d-----w C:\Program Files\Alwil Software
    2008-03-04 20:57 174 --sha-w C:\Program Files\desktop.ini
    2008-03-04 20:54 --------- d-----w C:\Program Files\Google
    2008-03-04 20:53 --------- d-----w C:\Program Files\Windows Mail
    2008-03-04 20:53 --------- d-----w C:\Program Files\Windows Calendar
    2008-03-04 20:52 --------- d-----w C:\Program Files\Windows Sidebar
    2008-03-04 20:46 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-03-04 20:46 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2008-03-04 20:46 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2008-03-04 20:46 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2008-03-04 20:46 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2008-03-04 20:46 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2008-03-04 20:46 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2008-03-04 20:46 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2008-03-04 20:46 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2008-03-04 20:46 2,923,520 ----a-w C:\Windows\explorer.exe
    2008-03-04 20:46 2,028,544 ----a-w C:\Windows\System32\win32k.sys
    2008-03-04 20:45 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-03-04 20:45 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-03-04 20:41 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
    2008-03-04 20:39 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-03-04 20:39 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-03-04 20:39 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-03-04 20:39 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-03-04 20:39 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-03-04 20:39 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
    2008-03-04 20:39 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-03-04 20:39 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-03-04 20:39 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-03-04 20:38 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2008-03-04 20:38 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2008-03-04 20:38 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
    2008-03-04 20:38 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2008-03-04 20:38 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2008-03-04 20:38 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
    2008-03-04 20:38 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2008-03-04 20:38 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2008-03-04 20:38 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-03-04 20:37 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-03-04 20:37 24,064 ----a-w C:\Windows\System32\netcfg.exe
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-09 17:26 1266936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-19 00:37 1006264]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 17:11 151552]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\WINDOWS\RtHDVCpl.exe]
    "F-Secure Manager"="C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.exe" [2008-02-13 12:38 184800]
    "F-Secure TNB"="C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2008-02-13 12:38 741800]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-27 17:59 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-27 17:59 8473120]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-27 17:59 81920]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{FBF9DBBA-EE56-4CC5-8E4B-CCBBF9968D71}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Elisa Tietoturvapalvelu\HIPS\fshs.sys [2008-02-13 12:38]
    R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2008-02-13 12:38]
    R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-02-13 12:38]
    R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsvista.sys [2008-02-13 12:38]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2008-02-13 12:38]
    R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-11 21:41]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys [2008-02-13 12:38]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys [2008-02-13 12:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ce6a8b0-ea1f-11dc-84db-806e6f6e6963}]
    \shell\AutoRun\command - E:\autorun.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-03-11 18:48:14 C:\Windows\Tasks\User_Feed_Synchronization-{5550208D-7E95-4139-BB1F-0C909E4E4684}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-12 20:22:45
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-12 20:23:56
    .
    2008-03-09 10:12:50 --- E O F ---
     
    JaHaka, Mar 12, 2008
    #5
  6. Hujo

    Hujo Guest

    Ohje AVG:n Anti-Spyware 7.5:n käyttöön
    Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis:n työkalun toimintaa.

    Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

    Lataa AVG:n Anti-Spyware 7.5:n
    ja tallenna ohjelma työpöydällesi.
    o Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
    o Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
    o Käynnistä AVG:n Anti-Spyware.
    o Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.

    o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

    o Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
    o Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".

    o Sitten "Reports" valikon alta:
    o Laita täppi kohtaan "Automatically generate report after every scan"
    o Ota täppi pois kohdasta"Only if threats were found"

    o Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
    o "Resident shield is", muuta tila active:sta inactive:ksi
    o Sulje ohjelma, ÄLÄ skannaa vielä.

    Käynnistä koneesi vikasietotilaan,
    sammuta ja käynnistä
    käynnistyksen yhteydessä naputtele F8
    valitse nuoli näppäimellä vikasietotila
    paina enter ja enter

    Toisissa koneissa paukutetaan F8:sin sijasta F5:tä

    HUOM! Älä käytä muita ohjelmia AVG:n skannauksen aikana, tämä saattaa häiritä skannausta.
    o Kun vikasietotilassa, käynnistä AVG:n Anti-Spyware.
    o Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
    o Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

    Kun skannaus on valmis:
    TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
    o Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
    o Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
    [​IMG]
    o Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
    o Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
    o Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.
     
    Hujo, Mar 14, 2008
    #6

Share This Page