Help, getting the machine clean, let's look at HJT once more.

Discussion in 'Viruses and malware' started by juupee1, Mar 26, 2006.

  1. juupee1

    Hello,

    An expert's help is needed now: the Firefox browser keeps opening strange "empty" yyy102.html pages in a new tab at regular intervals.

    Here is some information from the scans:

    ArchiveData(auto-quarantine- 2006-03-26 18-47-40.bckp)
    Referencefile : SE1R100 23.03.2006
    ======================================================

    ADWARE.LOOK2ME
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[0]=Process : C:\WINDOWS\system32\j64olgh3164.dll
    obj[1]=Process : C:\WINDOWS\system32\guard.tmp

    And then...

    * DLLCompare Log version(1.0.0.127)
    Files Found that Windows does not See or cannot Access
    *Not everything listed here means you are infected!
    ________________________________________________

    C:\WINDOWS\SYSTEM32\lvjm09~1.dll Sun 26 Mar 2006 12.30.44 ..S.R 234 040 228,55 K
    ________________________________________________

    5 756 items found: 5 754 files (1 H/S), 2 directories.
    Total of file sizes: 1 312 341 701 bytes 1,22 G

    Administrator Account = True

    --------------------End log---------------------


    eScan virus log:

    File C:\System Volume Information\_restore{E6E4F1FB-198B-4907-9074-B9A98682CF98}\RP9\A0010895.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{E6E4F1FB-198B-4907-9074-B9A98682CF98}\RP9\A0010901.exe infected by "Trojan-Downloader.Win32.Adload.w" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{E6E4F1FB-198B-4907-9074-B9A98682CF98}\RP9\A0010902.exe infected by "Trojan-Downloader.Win32.Adload.x" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{E6E4F1FB-198B-4907-9074-B9A98682CF98}\RP9\A0010904.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\System Volume Information\_restore{E6E4F1FB-198B-4907-9074-B9A98682CF98}\RP9\A0010911.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
    File C:\WINDOWS\cfg\YazzleBundle-1125.exe infected by "Trojan.Win32.Scapur.k" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\icont.exe tagged as not-a-virus:AdWare.Win32.AdURL.c. No Action Taken.
    File C:\WINDOWS\Temp\bw2.com tagged as not-a-virus:AdWare.Win32.AdURL.c. No Action Taken.


    So there does seem to be a little "something" extra. =)

    How do I proceed from here?
     
  2. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
  3. tapiiri

    tapiiri Regular member

    Joined:
    Jun 11, 2005
    Messages:
    1,142
    Likes Received:
    0
    Trophy Points:
    46
    Look2Me seems to be the culprit.

    Most of the hits in the eScan log were in System Restore.

    Turn off System Restore; instructions:
    http://service1.symantec.com/support/tsgeninfo.nsf/docid/2001111912274039

    Boot the computer into Safe Mode and empty the TEMP and Temporary Internet Files folders:

    C:\WINDOWS\Temp\
    C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\

    Boot normally and download HijackThis:
    http://keskustelu.afterdawn.com/thread_view.cfm/316714

    Scan with HijackThis and post the log.
     
    Last edited: Mar 26, 2006
  4. juupee1

    juupee1 Member


    C:\WINDOWS\Temp\ so, should all the subfolders of the Temp folder be deleted too?
    C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\ ? It can't be found there, at least.

    Or do you mean -> C:\WINDOWS\Temp\Temporary Internet Files -> Content.IE5\056v49af, g5mv8xyf, odexyz6j, qfmnu7ef as well as index, a DAT file. These are there.

    What did you mean?


     
  5. juupee1

    juupee1 Member

    Here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:50:29, on 26.3.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
    C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Omistaja\Omat tiedostot\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe
    O4 - HKLM\..\Run: [SoneraAgent] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\fp2003fme.dll
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

     
  6. tapiiri

    tapiiri Regular member

    Copied straight from the eScan log:

    File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\5ISTI7W9\AppWrap[1].exe tagged as not-a-virus:AdWare.Win32.AdURL.c. No Action Taken.

    "kemisti" will continue.
     
  7. juupee1

    juupee1 Member

    OK, let's try and see what happens...
     
  8. juupee1

    juupee1 Member

    All right, now it's sorted out: earlier I logged in to Safe Mode as the administrator and now as the owner (Omistaja), and now I was able to empty the contents of -> C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\

    The investigation continues tomorrow....

     
  9. -kemisti-

    -kemisti- Active member

    Yep, let's continue :)

    Fix with HJT (do a system scan only, tick these and press fix checked):

    O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe
    O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\fp2003fme.dll


    Delete, if found:

    C:\WINDOWS\system32\iexplore.exe

    Download Look2Me-Destroyer -> http://www.atribune.org/ccount/click.php?id=7 and save it to your desktop.

    IMPORTANT: Before continuing with the fix, you must do the following:


    * Print this, or save it as a text file in a suitable location.
    * Click Start -> Run and type: services.msc
    * Click OK.
    * Check that this service is running or that its startup type is Automatic:
    * Secondary Logon (Toissijainen kirjautuminen)
    * Next, your computer must be offline; pull the network cable out of the wall if necessary.
    * Your antivirus and all other security software MUST be closed (i.e. Norton and ewido turned off, this is essential!).

    1. Close all windows before continuing.
    2. Double-click Look2Me-Destroyer.exe to run the program.
    3. Tick Run this program as a task.
    4. You will get a message saying "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK.
    5. When Look2Me-Destroyer reopens, click the Scan for L2M option; your desktop shortcuts will disappear for a moment, this is normal.
    6. When the scan is finished, click the Remove L2M option.
    7. You will get a Done Scanning message; click OK.
    8. When finished, you will get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
    9. Your computer will shut itself down.
    10. Start your computer again.
    11. Post the contents of the C:\Look2Me-Destroyer.txt file together with a new HijackThis log in your post.

    If your firewall warns about network connections for this program, allow them.

    If you get runtime error '339', download MSWINSCK.OCX from the following link and place it in your C:\Windows\System32 folder.

    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

    Try again.
     
    Last edited: Mar 26, 2006
  10. juupee1

    juupee1 Member

    Let's start from the beginning. I now have another computer online (the one I'm writing on); the computer (a laptop) that is infected is right next to it, so I can now follow the instructions at the same time.

    I downloaded the files/programs you mentioned and moved them to the laptop in advance.
    I did not find -> C:\WINDOWS\system32\iexplore.exe when I browsed through the system32 folder; I don't know whether I was looking in the right place.

    Secondary Logon (Toissijainen kirjautuminen) is OK, i.e. Status: Started and Startup type: Automatic.

    Here is the new log: since I ran HJT today, the log no longer looked the same. I managed to fix this one -> O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe

    Logfile of HijackThis v1.99.1
    Scan saved at 18:52:02, on 27.3.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoneraAgent] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\j0p0la7m1d.dll
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe




    Should anything else in the log be fixed? Or do I move on to running Look2Me-Destroyer?

    And sorry that this is going a bit slowly; I just haven't had to fight with these before, so please be patient. ;)
     
    Last edited: Mar 27, 2006
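The HijackThis logs posted above on 26.3. and 27.3.2006 differ in exactly the autostart entries the helper singled out. As an added example (not part of the original posts), this Python script parses the O4 and O20 lines of two scans, flags a Run entry whose file name imitates a system program outside its usual directory, and reports Winlogon Notify DLLs that changed between scans. The function names and the expected-directory table are assumptions of the example; the log lines are excerpts from this thread.

```python
import ntpath
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str   # HijackThis section code: "O4" (Run keys) or "O20" (Winlogon Notify)
    name: str   # registry value name / notify subkey name
    path: str   # executable or DLL the entry loads


# Excerpts copied from the HijackThis logs posted in this thread.
LOG_26_MARCH = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe
O4 - HKLM\..\Run: [SoneraAgent] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\fp2003fme.dll
"""
LOG_27_MARCH = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoneraAgent] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\j0p0la7m1d.dll
"""

O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>[A-Za-z]:\\.+)$")
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|scr))(?=\s|$)", re.IGNORECASE)

# Assumption of this example: the default install directory on Windows XP.
EXPECTED_DIR = {"iexplore.exe": r"c:\program files\internet explorer"}


def image_path(cmd):
    """Return the program path from a Run-key command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    match = IMAGE_RE.match(cmd)
    return match.group(1) if match else cmd


def parse(log):
    """Extract O4 (Run) and O20 (Winlogon Notify) entries from a HijackThis log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m4 = O4_RE.match(line)
        if m4:
            entries.append(Entry("O4", m4.group("name"), image_path(m4.group("cmd"))))
            continue
        m20 = O20_RE.match(line)
        if m20:
            entries.append(Entry("O20", m20.group("name"), m20.group("path")))
    return entries


def masquerading(entries):
    """Entries whose file name matches a known program but whose folder does not."""
    hits = []
    for entry in entries:
        expected = EXPECTED_DIR.get(ntpath.basename(entry.path).lower())
        if expected and ntpath.normcase(ntpath.dirname(entry.path)) != expected:
            hits.append(entry)
    return hits


def changed_notify(before, after):
    """Winlogon Notify entries that disappeared and appeared between two scans."""
    old = {e for e in before if e.code == "O20"}
    new = {e for e in after if e.code == "O20"}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    scan1, scan2 = parse(LOG_26_MARCH), parse(LOG_27_MARCH)
    for entry in masquerading(scan1):
        print("Unexpected location:", entry.name, "->", entry.path)
    gone, appeared = changed_notify(scan1, scan2)
    for entry in gone:
        print("Notify entry gone:  ", entry.name, "->", entry.path)
    for entry in appeared:
        print("Notify entry new:   ", entry.name, "->", entry.path)
```

A Notify DLL that vanishes under one name and reappears under another between two scans, as here, means the entry has to be rechecked after every cleanup step rather than assumed fixed.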
  11. -kemisti-

    -kemisti- Active member

    Yep, just L2M-Destroyer next :)
     
  12. juupee1

    juupee1 Member

    All right...

    Here they are:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:48:22, on 27.3.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HijackThis.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoneraAgent] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    And then...


    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 27.3.2006 19:34:12

    Infected! C:\WINDOWS\system32\j0p0la7m1d.dll

    Attempting to delete infected files...

    Attempting to delete: C:\WINDOWS\system32\j0p0la7m1d.dll
    C:\WINDOWS\system32\j0p0la7m1d.dll could not be deleted!

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B64E8E60-F55D-4FDE-8363-21BB54F9386C}"
    HKCR\Clsid\{B64E8E60-F55D-4FDE-8363-21BB54F9386C}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B22CC086-941F-4E92-BCE8-B06876ACD1A5}"
    HKCR\Clsid\{B22CC086-941F-4E92-BCE8-B06876ACD1A5}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0A04D312-B603-49C2-8115-127C7450F216}"
    HKCR\Clsid\{0A04D312-B603-49C2-8115-127C7450F216}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{23B9B2DE-0F3B-4B47-ADDC-A70612DD047F}"
    HKCR\Clsid\{23B9B2DE-0F3B-4B47-ADDC-A70612DD047F}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1FA533F0-095D-46FC-B724-8A8A7D99F277}"
    HKCR\Clsid\{1FA533F0-095D-46FC-B724-8A8A7D99F277}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{42416379-D8D9-4EDC-8E1D-BCFAE7CE1CB3}"
    HKCR\Clsid\{42416379-D8D9-4EDC-8E1D-BCFAE7CE1CB3}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2E3402A3-22BF-4ECC-849A-747FAA941339}"
    HKCR\Clsid\{2E3402A3-22BF-4ECC-849A-747FAA941339}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A92E681B-8CE5-4650-B60D-97678726B86F}"
    HKCR\Clsid\{A92E681B-8CE5-4650-B60D-97678726B86F}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Järjestelmänvalvojat - Succeeded
     
  13. -kemisti-

    -kemisti- Active member

    Hmmm, check whether this is still there -> C:\WINDOWS\system32\j0p0la7m1d.dll

    Otherwise that looks OK.
     
  14. juupee1

    juupee1 Member

    Yes, it's there...

    I used the Search function to look for all files with the .dll extension, and there it was.

    What should be done with it? Delete it, I suppose, but can it be removed just like that?
     
  15. -kemisti-

    -kemisti- Active member

    No, it can't.

    Get KillBox

    http://www.bleepingcomputer.com/files/spyware/KillBox.zip

    Extract it, open it and tick Delete on Reboot.
    Then copy the line below:

    C:\WINDOWS\system32\j0p0la7m1d.dll

    Then in KillBox, from the top, choose File > Paste from Clipboard.
    Select "All Files". After that, press Delete (the red one with a white X).
    Answer yes to the prompts, and if the computer does not restart by itself, restart it.

    After that, post a new HijackThis log.

     
  16. juupee1

    juupee1 Member

    Task completed. The computer threw some error after it was supposed to shut itself down; well, I clicked OK and restarted the computer. The startup went the usual way, but the shortcuts took quite a long time to appear on the desktop; I don't know whether that matters.

    But now, the new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:50:50, on 27.3.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoneraAgent] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe



    I searched for the file in question again, and it is still there.
     
    Last edited: Mar 27, 2006
  17. -kemisti-

    -kemisti- Active member

    New attempt

    Open it, tick Replace on Reboot and check use dummy.
    Then copy the line below:

    C:\WINDOWS\system32\j0p0la7m1d.dll

    Then in KillBox, at the top, choose File > Paste from Clipboard.
    Select "All Files". After that press Delete (the red one with a white X).
    Answer yes to the questions, and if the computer does not restart by itself, restart it.

    After this the file will still be found, but it is a so-called dummy file and deleting it should be easy :)
     
  18. juupee1

    juupee1 Member

    Joined:
    Mar 26, 2006
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    16
    Now it worked without any error messages. How should that be removed properly now? Do I repeat that earlier KillBox trick, or what?

    I already deleted it; we'll see whether it reappears.

    The Ad-Aware SE result was clean.

    Norton virus scan: what about these?

    Norton AntiVirus Quarantine Report
    Created: 27. maaliskuuta 2006 22:28:01
    ------------------------------------------------------------------------------

    File Name
    Location
    Status Size Virus Name
    User Name Machine Name Domain
    Date Quarantined
    Date Submitted

    ------------------------------------------------------------------------------

    woock32.dll
    C:\WINDOWS\system32
    Backup of a deleted Security Risk 229 KB Packed.Adware
    Omistaja USER-BNOKLYKQH9 KOTI
    27. maaliskuuta 2006 22:20:43
    Not submitted

    ------------------------------------------------------------------------------

    t08u0al9edq.dll
    C:\WINDOWS\system32
    Backup of a deleted Security Risk 230 KB Packed.Adware
    Omistaja USER-BNOKLYKQH9 KOTI
    27. maaliskuuta 2006 22:20:43
    Not submitted

    ------------------------------------------------------------------------------

    vusapi.dll
    C:\WINDOWS\system32
    Backup of a deleted Security Risk 230 KB Packed.Adware
    Omistaja USER-BNOKLYKQH9 KOTI
    27. maaliskuuta 2006 22:20:43
    Not submitted

    ------------------------------------------------------------------------------

     
    Last edited: Mar 27, 2006
  19. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    You can try deleting that dll in the normal way. It should come off now without problems.

    There seem to be other l2m dll files as well.

    Download l2mfix from here -> http://www.atribune.org/downloads/l2mfix.exe and save it to the desktop. Double-click it and click install. Open the l2mfix folder on the desktop, double-click l2mfix.bat and select #1 by pressing 1 and enter (do NOT do anything else yet!!). Copy the log and post it here.
     
    Last edited: Mar 27, 2006
  20. juupee1

    juupee1 Member

    Joined:
    Mar 26, 2006
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    16
    Here:

    L2MFIX find log 032106
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "sv1"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittymälaajennus jakamista varten"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Näyttösovittimen CPL-laajennus"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Näytön CPL -laajennus"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Käyttöliittymän leikkeidenkäsittelytoiminto"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittymälaajennukset"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-näytön hallinta"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittymälaajennukset"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittymälaajennus"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittymälaajennus jakamista varten"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittymälaajennukset"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut tehtävät"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Tehtäväpalkki ja Käynnistä-valikko"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Sähköposti"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontatyökalut"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-työkalurivi"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsintäpalkki"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Lähiosoite"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin jäsentäjä"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-välimuistikansio"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Käyttöliittymän sovelluksenhallintaohjelma"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien käsittelystä (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetistä"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Käyttäjätilit"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienkäsittelyobjekti"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkilöitä..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
    "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}"="History Band"
    "{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universal Plug and Play -laitteet"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    gdi32.dll Thu 29 Dec 2005 5.54.36 A.... 280 064 273,50 K
    legitc~1.dll Tue 14 Feb 2006 10.20.14 ..... 550 120 537,23 K
    s32evnt1.dll Tue 31 Jan 2006 15.35.34 A.... 91 904 89,75 K
    webclnt.dll Wed 4 Jan 2006 6.35.10 A.... 68 096 66,50 K

    4 items found: 4 files, 0 directories.
    Total of file sizes: 990 184 bytes 966,98 K
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    atmtdd~1.tmp Wed 15 Mar 2006 13.40.38 A.... 0 0,00 K

    1 item found: 1 file, 0 directories.
    Total of file sizes: 0 bytes 0,00 K
    **********************************************************************************
    Directory Listing of system files:
    Asemalla C ei ole nimeä.
    Aseman sarjanumero on BCF2-E93F

    Kansio C:\WINDOWS\System32

    27.03.2006 22:46 <KANSIO> dllcache
    13.03.2006 14:24 <KANSIO> Microsoft
    0 tiedosto(a) 0 tavua
    2 kansio(ta) 74 961 350 656 tavua vapaana
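
Several `DllName` values in the Winlogon/notify section of the log above are stored as `hex(2)` data (REG_EXPAND_SZ, UTF-16LE bytes split over continuation lines), so the DLL each key loads cannot be read at a glance. The following is an added example, not part of the original posts or of l2mfix: a small Python parser that decodes them and compares the result with a baseline. The function names are choices made here, and the baseline set is an assumption the reader supplies from a known-clean machine.

```python
import re

# Excerpt (three keys) of the Winlogon\Notify export in the log above.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"StartShell"="SchedStartShell"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def join_continuations(text):
    """Merge .reg lines that end with a backslash into one logical line."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
        else:
            logical.append(pending + line)
            pending = ""
    if pending:
        logical.append(pending)
    return logical

def decode_reg_data(data):
    """Decode the .reg value types that occur in the log."""
    if data.startswith("hex(2):"):
        raw = bytes(int(b, 16) for b in data[7:].split(",") if b.strip())
        return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return data[1:-1].replace("\\\\", "\\")
    return data

def notify_dlls(text):
    """Return {subkey name: DLL name} for every key with a DllName value."""
    result, current = {}, None
    for line in join_continuations(text):
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").rsplit("\\", 1)[-1]
            continue
        m = VALUE_RE.match(line)
        # The value name appears as both "DllName" and "DLLName" in the log.
        if m and current and m.group("name").lower() == "dllname":
            result[current] = decode_reg_data(m.group("data"))
    return result

def not_in_baseline(dlls, baseline):
    """List (subkey, dll) pairs whose DLL is missing from the caller's baseline."""
    known = {name.lower() for name in baseline}
    hits = [(k, d) for k, d in dlls.items() if d.lower() not in known]
    return sorted(hits, key=lambda kv: kv[0].lower())

if __name__ == "__main__":
    for key, dll in sorted(notify_dlls(SAMPLE_EXPORT).items()):
        print(f"{key:15} {dll}")
```
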
     
