So the computer has a virus: W32/Banker.BWNO. I was asked to make a HijackThis log, and here it is. Could someone check whether there is anything alarming in it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:12, on 16.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143826784195
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143827189108
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7032 bytes
Oh, I forgot to mention that my computer has just been cleaned with CCleaner, but as far as I understand it does not remove viruses.
What makes you conclude that there is a virus? Where is it located? (It does not show in the log.)

----------------

Works only with Explorer ==> allow ActiveX

Scan your computer with Kaspersky Online Scanner

You will be asked whether you allow an ActiveX component from Kaspersky to be installed; click Yes.

* The program starts and begins downloading the latest definition files.
* When the scanner has been installed and the definitions downloaded, click Next.
* Now click the settings, Scan Settings
* Check in the settings that the following are selected:
  o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise choose Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
* Click OK
* Now, under the heading "select a target to scan", choose My Computer (Oma Tietokone)
* The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
* Now click the Save as Text button.
* Save the file to your desktop.
* Copy and paste the contents of the file into your next reply.

-----------------

Updating Java and clearing its cache:

1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your previous Java versions in the list (J2SE Runtime Environment.... ). They should have the following picture next to them:
3. Select all your previous Java versions and choose Remove.
4. Install the latest Java update from the following link.
5. Restart the computer after the installation: http://java.sun.com/javase/downloads/index.jsp
   Scroll down to Java Runtime Environment (JRE) 6 Update 3
   Press Download
   Tick Accept, choose online installation, and install it following the instructions.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice the computer being slow after reducing the setting, move the slider to a larger value.)
8. Make sure that both options are ticked:
   * Applications and Applets
   * Trace and Log Files
   and press the OK button.
9. Click OK in your "Temporary Files Settings" window. Note: this deletes all downloaded applications and applets from the CACHE.
10. Click OK to leave your Java settings window.

Post the following logs here:

* A fresh HijackThis log (taken last, just before posting)
* The Kaspersky report
So here is the new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:17, on 16.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143826784195
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143827189108
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7103 bytes

And here is the Kaspersky scan log

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\ C:\ D:\ E:\ F:\

Scan Statistics
Total number of scanned objects 54128
Number of viruses found 3
Number of infected objects 16
Number of suspicious objects 0
Duration of the scan process 00:52:42

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\sami\Application Data\Mozilla\Firefox\Profiles\lx6wkhmd.default\cert8.db Object is locked skipped
C:\Documents and Settings\sami\Application Data\Mozilla\Firefox\Profiles\lx6wkhmd.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\sami\Application Data\Mozilla\Firefox\Profiles\lx6wkhmd.default\history.dat Object is locked skipped
C:\Documents and Settings\sami\Application Data\Mozilla\Firefox\Profiles\lx6wkhmd.default\key3.db Object is locked skipped
C:\Documents and Settings\sami\Application Data\Mozilla\Firefox\Profiles\lx6wkhmd.default\parent.lock Object is locked skipped
C:\Documents and Settings\sami\Application Data\Mozilla\Firefox\Profiles\lx6wkhmd.default\search.sqlite Object is locked skipped
C:\Documents and Settings\sami\Application Data\Mozilla\Firefox\Profiles\lx6wkhmd.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\sami\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Messenger\tourist2_2@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Messenger\tourist2_2@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Messenger\tourist2_2@hotmail.com\SharingMetadata\Working\database_8CA4_D5E4_A4D5_D0B6\dfsr.db Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Messenger\tourist2_2@hotmail.com\SharingMetadata\Working\database_8CA4_D5E4_A4D5_D0B6\fsr.log Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Messenger\tourist2_2@hotmail.com\SharingMetadata\Working\database_8CA4_D5E4_A4D5_D0B6\fsrtmp.log Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Messenger\tourist2_2@hotmail.com\SharingMetadata\Working\database_8CA4_D5E4_A4D5_D0B6\tmp.edb Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Windows Live Contacts\tourist2_2@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Windows Live Contacts\tourist2_2@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Mozilla\Firefox\Profiles\lx6wkhmd.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Mozilla\Firefox\Profiles\lx6wkhmd.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Mozilla\Firefox\Profiles\lx6wkhmd.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Mozilla\Firefox\Profiles\lx6wkhmd.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\SupportSoft\sonera\sami\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Sivuhistoria\History.IE5\MSHist012007121620071217\index.dat Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Temp\~DF4EBC.tmp Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Temp\~DF4ECF.tmp Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Temp\~DF5FF6.tmp Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Temp\~DF601D.tmp Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sami\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\sami\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\bsplayer141.832(2).exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\bsplayer141.832(2).exe NSIS: infected - 1 skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\bsplayer141.832.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\bsplayer141.832.exe NSIS: infected - 1 skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\bsplayer200.937_music.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\bsplayer200.937_music.exe NSIS: infected - 1 skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\bsplayer211[1].940_clip.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\bsplayer211[1].940_clip.exe NSIS: infected - 1 skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\BSplayer_WhenUSave_InstallerInstRe(2).exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\Cdvd.exe/data0014 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\Cdvd.exe/data0015 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\Cdvd.exe NSIS: infected - 2 skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\SetupInstRe(2).exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\SetupInstRe.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\sti.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP485\A0051755.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP485\A0051756.exe Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP486\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9846EFA5-417D-4EFA-A50C-EC635C1B1660}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd4669.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
There was indeed.

For Disk Space, start with the default settings.

Here are instructions for cleaning System Restore (the system restore points).

In Windows XP

* Right-click the My Computer (Oma tietokone) icon in the Start menu
* Choose Properties/Ominaisuudet (System)
* Choose the System Restore/Järjestelmän palauttaminen tab
* Tick "Turn off System Restore"/poista järjestelmän palauttaminen on all drives
* Press Apply/Käytä
* Press OK
* Restart your computer
* Turn System Restore back on: remove the tick from the box in step 4 => Apply => OK.
* Go to Start => Run and copy into the box
  %SystemRoot%\system32\restore\rstrui.exe
  => OK
  Select Create a restore point (Luo palautuspiste) => Next, and follow the instructions.

---------------------------------------------------

Start the computer in Safe Mode => GUIDE

Make hidden files visible => in Safe Mode GUIDE

Delete the files: (8 files with the .exe extension)

C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\bsplayer141.832(2).exe
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\bsplayer141.832.exe
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\bsplayer200.937_music.exe
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\bsplayer211[1].940_clip.exe
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\BSplayer_WhenUSave_InstallerInstRe(2).exe
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\Cdvd.exe
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\SetupInstRe(2).exe
C:\Documents and Settings\sami\Työpöytä\asennusohjelmia\SetupInstRe.exe

----------------------

Close the browser and other programs for the duration of the fix. (not the antivirus)

Start HijackThis: Scan, tick the following files listed in red and remove them. (Fix checked)

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

Empty the Recycle Bin and restart your computer.

Post the following logs here:

* A fresh HijackThis log (taken last, just before posting)
* How does the computer feel???
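Added example, not part of the original thread or anyone's post: a Python script that checks a fresh HijackThis log against the list of entries a helper asked to fix, and shows what else changed between two logs. It tolerates logs that a forum has flattened or wrapped mid-path, as happened on this page. The function names and both sample logs are constructed for illustration (the sample deliberately leaves one entry unfixed).

```python
import re

# A HijackThis entry starts with a section code such as R0, O4 or O23
# followed by " - ". The lookbehind requires whitespace (or start) before it.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:[RFN]\d|O\d{1,2}) - )")
END_MARK = re.compile(r"--\s*End of file.*", re.S)


def parse_entries(log_text):
    """Return the entries of a HijackThis log, in order.

    All whitespace is collapsed before splitting at section codes, so
    one-entry-per-line logs, flattened logs and wrapped paths parse alike.
    """
    body = END_MARK.sub("", log_text)
    flat = " ".join(body.split())
    parts = ENTRY_START.split(flat)
    # parts[0] is the header and process list (or empty); the rest are entries.
    return [p.strip() for p in parts[1:] if p.strip()]


def normalize(entry):
    """Comparison key: Windows paths and value names are case-insensitive."""
    return " ".join(entry.split()).casefold()


def verify_fix(requested, fresh_log):
    """Split the requested entries into (removed, still_present)."""
    present = {normalize(e) for e in parse_entries(fresh_log)}
    removed = [e for e in requested if normalize(e) not in present]
    remaining = [e for e in requested if normalize(e) in present]
    return removed, remaining


def diff_logs(before_log, after_log):
    """Return (added, removed) entries between two logs."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    before_keys = {normalize(e) for e in before}
    after_keys = {normalize(e) for e in after}
    added = [e for e in after if normalize(e) not in before_keys]
    removed = [e for e in before if normalize(e) not in after_keys]
    return added, removed


# Constructed samples in the format of the logs on this page.
REQUESTED = [
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe",
    r"O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe",
]

# Flattened onto one line, as a forum might render it.
BEFORE_LOG = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/ "
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install "
    r"O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe "
    r"O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe "
    r"-- End of file - 640 bytes"
)

# Partly flattened, with one path wrapped mid-entry and different letter case.
FRESH_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes: C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/ O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinampAgent] C:\Program
Files\Winamp\WINAMPA.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
-- End of file - 512 bytes"""

if __name__ == "__main__":
    removed, remaining = verify_fix(REQUESTED, FRESH_LOG)
    for e in removed:
        print("fixed:        ", e)
    for e in remaining:
        print("STILL PRESENT:", e)
    added, gone = diff_logs(BEFORE_LOG, FRESH_LOG)
    for e in added:
        print("new entry:    ", e)
```
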
So I did the HJT scan and the fix in Safe Mode, and at the same time deleted the .exe files you asked about from their folder... I believe something may have gone wrong, because I didn't really understand the part about hidden folders... but this HJT log has now been made in normal Windows mode, hopefully that helps. I think the computer has already become a little faster! Thanks in advance for your trouble!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:21, on 17.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143826784195
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143827189108
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 5819 bytes
The most important thing was that you deleted the 8 files. Otherwise the log is quite clean. If there are no other problems, Merry Christmas to you.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Aren't these fixed anymore these days?
Thank you, Kalminen, for your trouble! I'm grateful! Tonski, did you find some more errors in there, or?!
I also checked my computer with the Kaspersky scanner and it still found viruses.. could someone help a bit more with how I can get them removed!?!

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\ C:\ D:\ E:\ F:\

Scan Statistics
Total number of scanned objects 48882
Number of viruses found 2
Number of infected objects 14
Number of suspicious objects 0
Duration of the scan process 00:47:32

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\sami\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Messenger\tourist2_2@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Messenger\tourist2_2@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Messenger\tourist2_2@hotmail.com\SharingMetadata\Working\database_8CA4_D5E4_A4D5_D0B6\dfsr.db Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Messenger\tourist2_2@hotmail.com\SharingMetadata\Working\database_8CA4_D5E4_A4D5_D0B6\fsr.log Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Messenger\tourist2_2@hotmail.com\SharingMetadata\Working\database_8CA4_D5E4_A4D5_D0B6\tmp.edb Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Windows Live Contacts\tourist2_2@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\Microsoft\Windows Live Contacts\tourist2_2@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Application Data\SupportSoft\sonera\sami\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Sivuhistoria\History.IE5\MSHist012007121820071219\index.dat Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Temp\~DF4B03.tmp Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Temp\~DF4BB0.tmp Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Temp\~DF7D03.tmp Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Temp\~DF7D6F.tmp Object is locked skipped
C:\Documents and Settings\sami\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sami\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\sami\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\sti.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000009.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000009.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000010.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000010.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000011.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000011.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000012.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000012.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000013.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000014.exe/data0014 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000014.exe/data0015 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000014.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000015.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000016.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{25CCB17E-BED9-43BF-B9AA-26A57D25C178}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd4669.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
Those bugs will go away with this: here are instructions for cleaning out System Restore (Järjestelmän palautuspiste).

In Windows XP
* Right-click the My Computer / Oma tietokone icon in the Start menu
* Select Properties / Ominaisuudet (Järjestelmä)
* Select the System Restore / Järjestelmän palauttaminen tab
* Tick "Turn off System Restore" / "Poista järjestelmän palauttaminen kaikissa asemissa"
* Press Apply / Käytä
* Press OK
* Restart your computer
* Turn System Restore back on: remove the tick from the box in step 4 => Apply => OK.
* Go to Start => Run and copy %SystemRoot%\system32\restore\rstrui.exe into the box => OK. Select "Create a restore point" (Luo palautuspiste) => Next, and follow the instructions.

The line Tonski mentioned is not a virus. A completely empty entry. Windows's own leftovers.
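The reasoning behind this reply, as an added example that is not part of the original thread: in the Kaspersky report, "Object is locked" rows are files the scanner could not open, not detections, and a detection is covered by purging restore points only if its file sits inside a System Restore store. The `triage` function is illustrative, and `SAMPLE` is a shortened selection of rows modelled on that report with one row per line.

```python
import re
from collections import Counter

# Report row: "<path> <status> <last action>". Paths contain spaces, so the row
# is anchored on the known status phrases rather than split on whitespace.
ROW = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<status>Object is locked|Infected: (?P<name>\S+)|\w+: infected - \d+) "
    r"(?P<action>\w+)$"
)
# Windows XP System Restore store: \System Volume Information\_restore{GUID}\RPn\
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)

# Sample rows modelled on the report in the thread (shortened selection).
SAMPLE = r"""Infected Object Name Virus Name Last Action
C:\Documents and Settings\sami\NTUSER.DAT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000009.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000009.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000014.exe/data0014 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{7F63CA23-D2C5-445C-BD70-1D94D5346630}\RP2\A0000014.exe/data0015 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
"""

def triage(report_text):
    """Separate real detections from locked-file noise and locate them on disk."""
    names, in_restore, live, locked = Counter(), set(), set(), 0
    for line in report_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue              # header, settings or statistics line
        if m["status"] == "Object is locked":
            locked += 1           # file was in use and unreadable: not a detection
            continue
        if m["name"] is None:
            continue              # container summary; its members have their own rows
        names[m["name"]] += 1
        # "A0000009.exe/data0011" is a member inside an installer: keep the file on disk
        on_disk = m["path"].split("/", 1)[0]
        (in_restore if RESTORE.search(on_disk) else live).add(on_disk)
    return {"locked": locked, "names": dict(names),
            "restore_files": sorted(in_restore), "live_files": sorted(live)}

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["names"], "locked rows ignored:", result["locked"])
    # An empty live_files list means purging restore points covers every detection.
    print("outside System Restore:", result["live_files"] or "none")
```

Any path returned in `live_files` is outside the restore store and is not removed by turning System Restore off and on.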
Thank you very much! Hopefully we've now got rid of those bugs, at least the banker virus.. Who knows what password-stealing viruses there are! Thanks!
It's definitely worth cleaning out System Restore every now and then. Not all antivirus scanners reach that far. Merry Christmas to everyone.