I wonder what's wrong, since I can't get AVG removed? When I start uninstalling it, the computer freezes. The program itself won't start either...
HJT log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:52:52, on 28.7.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 4905 bytes
Download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to delete the files - click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it is finished, the fix will announce that it is restarting your computer; click OK.
Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.
Note: It is possible that VundoFix found a file that it could not remove. In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.
====================
C:\Program Files\Trend Micro\HijackThis\===> HijackThis.exe <=== rename it to scanner
VundoFix V6.5.6 Checking Java version... Sun Java not detected Scan started at 9:57:05 28.7.2007 Listing files found while scanning.... C:\WINDOWS\system32\awtqq.dll C:\WINDOWS\system32\qqtwa.bak1 C:\WINDOWS\system32\qqtwa.ini C:\windows\system32\ssqpq.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\awtqq.dll C:\WINDOWS\system32\awtqq.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\qqtwa.bak1 C:\WINDOWS\system32\qqtwa.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\qqtwa.ini C:\WINDOWS\system32\qqtwa.ini Has been deleted! Attempting to delete C:\windows\system32\ssqpq.dll C:\windows\system32\ssqpq.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\awtqq.dll C:\WINDOWS\system32\awtqq.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.6 Checking Java version... Sun Java not detected Scan started at 10:07:22 28.7.2007 Listing files found while scanning.... 
------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:10:17, on 28.7.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: (no name) - {5A4A2D56-931A-4733-9121-033A2D95A274} - C:\WINDOWS\system32\efcbxxy.dll O2 - BHO: (no name) - {88035E4B-BDBF-4343-818B-6D80CD5D9E8C} - C:\WINDOWS\system32\awtqq.dll (file missing) O3 - Toolbar: Show Norton Toolbar - 
{90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: efcbxxy - C:\WINDOWS\SYSTEM32\efcbxxy.dll O20 - Winlogon Notify: nnnljig - nnnljig.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 5532 bytes
Run it again with that VundoFix
====================
Scan with HJT, tick these and press Fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {88035E4B-BDBF-4343-818B-6D80CD5D9E8C} - C:\WINDOWS\system32\awtqq.dll (file missing)
O20 - Winlogon Notify: nnnljig - nnnljig.dll (file missing)
====================
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe.exe
about renaming that (just rename the one with the bomb icon to scanner)
then a new HJT log
===================
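A triage sketch for the check this reply performs by eye, added here as an example and not part of the original thread: it splits a HijackThis log that has been flattened onto one line (as the logs on this page are) back into entries, lists the "(file missing)" leftovers, and reports any DLL registered under both O2 (BHO) and O20 (Winlogon Notify). The function names and the two heuristics are assumptions of this example; SAMPLE is a constructed excerpt of the second log in this thread.

```python
import re
from collections import defaultdict

# An entry starts with a section code (R0-R3, F0-F3, O1-O24) followed by " - ".
# The pattern is zero-width, so re.split() cuts *before* each entry.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:[RF][0-3]|O\d{1,2}) - )")
ENTRY = re.compile(r"(?P<code>[RF][0-3]|O\d{1,2}) - (?P<body>.*)", re.S)
DLL = re.compile(r"([^\\\s:]+\.dll)\b", re.I)          # basename of a .dll path
TRAILER = re.compile(r"\s*-- End of file - \d+ bytes\s*$")
LOAD_POINTS = {"O2", "O20"}                            # BHO, Winlogon Notify

# Constructed excerpt of the second log in the thread, flattened onto one line.
SAMPLE = (
    r"Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:10:17, on 28.7.2007 "
    r"Running processes: C:\WINDOWS\System32\smss.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = "
    r"O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - "
    r"C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll "
    r"O2 - BHO: (no name) - {5A4A2D56-931A-4733-9121-033A2D95A274} - C:\WINDOWS\system32\efcbxxy.dll "
    r"O2 - BHO: (no name) - {88035E4B-BDBF-4343-818B-6D80CD5D9E8C} - "
    r"C:\WINDOWS\system32\awtqq.dll (file missing) "
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" '
    r"O20 - Winlogon Notify: efcbxxy - C:\WINDOWS\SYSTEM32\efcbxxy.dll "
    r"O20 - Winlogon Notify: nnnljig - nnnljig.dll (file missing) "
    r"O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe "
    r"-- End of file - 5532 bytes"
)


def split_entries(raw):
    """Return one dict per log entry; the header and process list are skipped."""
    entries = []
    for chunk in ENTRY_START.split(TRAILER.sub("", raw)):
        m = ENTRY.fullmatch(chunk.strip())
        if not m:
            continue  # text before the first entry (header, running processes)
        body = m.group("body")
        dll = DLL.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "dll": dll.group(1).lower() if dll else None,
            "missing": body.endswith("(file missing)"),
        })
    return entries


def triage(raw):
    """Summarise orphaned entries and DLLs hooked at more than one load point."""
    entries = split_entries(raw)
    # Registry entries whose target file is gone: leftovers to clean up.
    file_missing = [(e["code"], e["dll"]) for e in entries if e["missing"]]
    # A DLL that is still on disk and loaded by both IE and Winlogon deserves
    # a closer look (heuristic of this example, compared case-insensitively).
    hooks = defaultdict(set)
    for e in entries:
        if e["code"] in LOAD_POINTS and e["dll"] and not e["missing"]:
            hooks[e["dll"]].add(e["code"])
    multi_hook = {d: sorted(c) for d, c in hooks.items() if len(c) > 1}
    return {"entries": len(entries),
            "file_missing": file_missing,
            "multi_hook": multi_hook}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```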
Nothing turned up with Vundo. EDIT: Now I managed to remove AVG
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:09:28, on 28.7.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Valve\Steam\Steam.exe C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: (no name) - {5A4A2D56-931A-4733-9121-033A2D95A274} - 
C:\WINDOWS\system32\efcbxxy.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1185608278234 O20 - Winlogon Notify: efcbxxy - C:\WINDOWS\SYSTEM32\efcbxxy.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - 
C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 5813 bytes
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
"Yleinen" - 2007-07-28 12:49:49 [GMT 3:00] - ComboFix 07-07-24 - Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Yleinen\TYPYT~1\internet.lnk C:\Program Files\inetget2 C:\Program Files\inetget2\popinstall.exe C:\Program Files\winpop C:\Program Files\winpop\UnInstall.exe C:\WINDOWS\smsys.dat C:\WINDOWS\system32\6_exception.nls C:\WINDOWS\system32\drivers\ip6fw.sys C:\WINDOWS\system32\xpdx.sys C:\WINDOWS\wr.txt ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_RUNTIME -------\asc3550u -------\runtime -------\xpdx ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 ))))))))))))))))))))))))))))))) 2007-07-28 12:48 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-28 12:31 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-28 12:31 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-28 12:31 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-28 12:23 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-07-28 11:48 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Suosikit 2007-07-28 11:48 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Omat tiedostot 2007-07-28 11:48 <KANSIO> d--h----- C:\DOCUME~1\LOCALS~1\Verkkoymp„rist” 2007-07-28 11:48 <KANSIO> d-------- C:\DOCUME~1\LOCALS~1\Ty”p”yt„ 2007-07-28 11:40 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-07-28 11:13 6,661 ---hs---- C:\WINDOWS\system32\jjjlm.ini2 2007-07-28 11:10 6,466 ---hs---- C:\WINDOWS\system32\jjjlm.bak1 2007-07-28 10:29 <KANSIO> d-------- C:\Program Files\Valve 2007-07-28 09:57 <KANSIO> d-------- C:\VundoFix Backups 2007-07-28 09:40 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys 2007-07-28 09:40 1,521,464 --a------ C:\WINDOWS\WRSetup.dll 2007-07-28 09:25 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-07-28 09:25 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 
2007-07-28 09:25 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2007-07-28 09:25 <KANSIO> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot 2007-07-28 09:24 <KANSIO> d-------- C:\Program Files\Webroot 2007-07-28 09:24 <KANSIO> d-------- C:\DOCUME~1\Yleinen\APPLIC~1\Webroot 2007-07-28 09:24 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot 2007-07-28 09:09 <KANSIO> d-------- C:\Program Files\Lavasoft 2007-07-28 09:09 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-07-28 09:09 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-07-28 08:22 <KANSIO> d-------- C:\Program Files\Trend Micro 2007-07-28 02:23 <KANSIO> dr-hsc--- C:\WINDOWS\system32\dllcache 2007-07-28 02:23 <KANSIO> dr--s---- C:\WINDOWS\Fonts 2007-07-28 02:23 <KANSIO> dr------- C:\WINDOWS\Web 2007-07-28 02:23 <KANSIO> d--h----- C:\WINDOWS\inf 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\WinSxS 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\twain_32 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\wins 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\wbem 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\usmt 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\spool 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\ShellExt 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\Setup 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\ras 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\oobe 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\npp 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\mui 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\inetsrv 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\IME 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\icsxml 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\ias 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\export 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\drivers\etc 2007-07-28 02:23 <KANSIO> 
d-------- C:\WINDOWS\system32\drivers\disdn 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\drivers 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\dhcp 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\config 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\3com_dmi 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\3076 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\2052 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\1054 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\1042 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\1041 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\1037 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\1035 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\1033 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\1031 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\1028 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32\1025 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system32 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\system 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\security 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\Resources 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\repair 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\mui 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\msapps 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\msagent 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\Media 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\ime 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\Help 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\Driver Cache 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\Debug 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\Cursors 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\Connection Wizard 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\Config 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\AppPatch 2007-07-28 02:23 <KANSIO> d-------- C:\WINDOWS\addins 2007-07-28 02:23 <KANSIO> d-------- 
C:\WINDOWS 2007-07-28 01:57 6,874 ---hs---- C:\WINDOWS\system32\pqstv.ini2 2007-07-28 01:55 6,506 ---hs---- C:\WINDOWS\system32\pqstv.bak1 2007-07-28 01:53 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2007-07-28 01:50 31,254 --a------ C:\WINDOWS\system32\efcbxxy.dll 2007-07-28 01:38 2,086 --a------ C:\WINDOWS\system32\tmp.reg 2007-07-28 01:23 <KANSIO> d-------- C:\Program Files\ToniArts 2007-07-28 01:22 <KANSIO> d-------- C:\Program Files\CCleaner 2007-07-28 01:13 24,816 --a------ C:\WINDOWS\system32\mdimon.dll 2007-07-28 01:12 <KANSIO> d-------- C:\Program Files\SpywareBlaster 2007-07-28 01:08 <KANSIO> d-------- C:\Program Files\Microsoft.NET 2007-07-28 01:06 <KANSIO> d-------- C:\WINDOWS\SHELLNEW 2007-07-28 01:02 <KANSIO> dr-h----- C:\MSOCache 2007-07-28 00:38 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage 2007-07-28 00:37 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$ 2007-07-28 00:37 <KANSIO> d-------- C:\WINDOWS\system32\PreInstall 2007-07-28 00:33 <KANSIO> d---s---- C:\DOCUME~1\Yleinen\UserData (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-28 00:24:32 48,660 ----a-w C:\WINDOWS\system32\perfc00B.dat 2007-07-28 00:24:32 283,356 ----a-w C:\WINDOWS\system32\perfh00B.dat 2007-07-27 21:53:14 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-07-27 21:53:14 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-06-04 12:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 12:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 12:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A4A2D56-931A-4733-9121-033A2D95A274}] 2007-07-28 01:50 31254 --a------ C:\WINDOWS\system32\efcbxxy.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 12:35] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 04:22] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24] "Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-07-28 10:37] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5A4A2D56-931A-4733-9121-033A2D95A274}"= C:\WINDOWS\system32\efcbxxy.dll [2007-07-28 01:50 31254] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbxxy] efcbxxy.dll 2007-07-28 01:50 31254 C:\WINDOWS\system32\efcbxxy.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService] R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\system32\Drivers\SSHRMD.SYS R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\system32\Drivers\SSIDRV.SYS R0 uagp35;Microsoft AGPv3.5 -suodatin;C:\WINDOWS\system32\DRIVERS\uagp35.sys R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys R3 
SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\system32\Drivers\sskbfd.sys S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS *Newly Created Service* - COMHOST Contents of the 'Scheduled Tasks' folder 2007-07-27 21:32:01 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Yleinen.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-28 13:01:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xb9m\xd3w\2] "AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT" scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-28 13:04:56 C:\ComboFix-quarantined-files.txt ... 2007-07-28 13:04 --- E O F ---
Panda ActiveScan
Link: http://www.pandasoftware.com/products/activescan.htm
• Once you are on Panda's page, click the Scan your PC button
• A new window opens; click the Check Now button
• Select your country (Country)
• Enter your city (State/Province)
• Enter your e-mail address (e-mail address) and click the send button
• Choose either home user (Home User) or company (Company)
• Click the large Scan Now button
• If you are asked to install an ActiveX component, allow it.
• The download of the required files begins (Note: this step can take a few minutes)
• When the downloads are complete, click Local Disks to start the scan
• When the scan is complete, click the See Report button if infections were found. Then click Save Report and save the report to a suitable location (e.g. the desktop).
=============
also post a new HJT log
Incident | Status | Location
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Yleinen\Omat tiedostot\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Yleinen\Omat tiedostot\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast | Not disinfected | C:\Documents and Settings\Yleinen\Omat tiedostot\SmitfraudFix\restart.exe
Virus:Generic Trojan | Disinfected | C:\QooBox\Quarantine\C\Program Files\InetGet2\popinstall.exe.vir
Spyware:Spyware/Virtumonde | Not disinfected | C:\VundoFix Backups\ssqpq.dll.bad
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\WINDOWS\nircmd.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\WINDOWS\system32\Process.exe
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:51:49, on 28.7.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Valve\Steam\Steam.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\rundll32.exe C:\Program 
Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\Yleinen\Omat tiedostot\VundoFix.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1185608278234 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - 
Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 5650 bytes
Scan with HJT, tick this entry and press Fix checked:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
===================
Download Dr.Web CureIt to the desktop:
Double-click drweb-cureit.exe and let it run the express scan.
It scans the running programs, and if something is found, click yes when it asks whether you want to remove it. This is only a short scan.
When the scan is finished, mark the drives you want to scan. Select all drives. A red dot shows which drives are selected.
Click the green arrow on the right and the scan starts.
Click 'Yes to all' if you are asked whether you want to delete/move a file.
When the scan is finished, see whether you can click the next icon beside the files that were found:
If so, click it, then click the next icon at the bottom right and select Move incurable, as in the picture below:
This moves it to the %userprofile%\DoctorWeb\quarantine directory.
After this, click file in the Dr.Web CureIt menu and select save report list.
Save the report to the desktop. The report is named DrWeb.csv.
Close Dr.Web CureIt.
Restart the computer!! This is because files that are in use are deleted/moved during startup.
After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.
efcbxxy.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
geebx.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
Process.exe;C:\Documents and Settings\Yleinen\Omat tiedostot\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Yleinen\Omat tiedostot\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
smsys.dat.vir;C:\QooBox\Quarantine\C\WINDOWS;Probably WIN.MAIL.WORM.Virus;Incurable.Moved.;
ip6fw.sys.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers;Trojan.NtRootKit.319;Deleted.;
A0004692.dll;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP10;Trojan.Virtumod;Deleted.;
A0005575.dll;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP10;Trojan.Virtumod;Deleted.;
A0005607.exe;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP10;Trojan.DownLoader.24772;Deleted.;
A0005608.exe;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP10;Tool.Prockill;Incurable.Moved.;
A0006514.dll;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP10;Trojan.Virtumod;Deleted.;
A0006515.exe;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP10;Trojan.DownLoader.24772;Deleted.;
A0006534.exe;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP10;BackDoor.Bulknet;Deleted.;
A0007948.dll;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP14;Trojan.Virtumod;Deleted.;
A0007980.dll;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP14;Trojan.Virtumod;Deleted.;
A0007984.dll;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP14;Trojan.Virtumod;Deleted.;
A0008038.dll;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP17;Trojan.Virtumod;Deleted.;
A0008080.dll;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP18;Trojan.Virtumod;Deleted.;
A0008097.sys;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP19;Trojan.NtRootKit.319;Deleted.;
A0009599.dll;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP22;Trojan.Virtumod;Deleted.;
A0010600.dll;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP23;Trojan.Virtumod;Deleted.;
A0004515.exe;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP7;Trojan.Packed.155;Deleted.;
A0004538.exe;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP7;Trojan.Virtumod;Deleted.;
A0004542.exe;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP7;Trojan.Mezzia.68;Deleted.;
A0004543.exe;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP7;Trojan.Virtumod;Deleted.;
A0004659.dll;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP9;Trojan.Virtumod;Deleted.;
A0004673.exe;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP9;Trojan.Popuper.4983;Deleted.;
awtqq.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
mljgf.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
pmkjk.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ssqpq.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
efcbxxy.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
geebx.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
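The Dr.Web report above is semicolon-separated (file; folder; detection; action). The following is an added example, not part of the thread and not Dr.Web's own tooling: it parses such a report with one record per line, separates detections on the live system from those in System Restore points and removal-tool folders, and lists files still waiting for a reboot. The category names and the folder list in TOOL_DIRS are assumptions of this example.

```python
import csv
import re
from collections import Counter

# Rows copied from the Dr.Web CureIt report in this thread, one record
# per line in the form file;folder;detection;action;
SAMPLE_REPORT = r"""efcbxxy.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
Process.exe;C:\Documents and Settings\Yleinen\Omat tiedostot\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
ip6fw.sys.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers;Trojan.NtRootKit.319;Deleted.;
A0004692.dll;C:\System Volume Information\_restore{538D9D84-E1A4-456B-9EFA-D50738BFB502}\RP10;Trojan.Virtumod;Deleted.;
geebx.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
"""

# Assumption of this example: these folders hold removal-tool backups.
TOOL_DIRS = ("c:\\qoobox", "c:\\vundofix backups", "\\smitfraudfix")
RESTORE_RE = re.compile(r"\\_restore\{[0-9a-f-]+\}\\(rp\d+)", re.I)

def locate(folder):
    """Classify a folder as system_restore, tool_backup or live."""
    low = folder.lower()
    if RESTORE_RE.search(low):
        return "system_restore"
    if any(d in low for d in TOOL_DIRS):
        return "tool_backup"
    return "live"

def triage(report_text):
    """Parse the report; count hits per location, list pending files."""
    out = {"by_location": Counter(), "restore_points": set(),
           "pending_reboot": [], "malformed": []}
    rows = csv.reader(report_text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in rows:
        fields = [f.strip() for f in row]
        if len(fields) < 4 or not all(fields[:4]):
            if any(fields):  # keep unparsable lines for manual review
                out["malformed"].append(";".join(row))
            continue
        name, folder, _detection, action = fields[:4]
        out["by_location"][locate(folder)] += 1
        hit = RESTORE_RE.search(folder)
        if hit:
            out["restore_points"].add(hit.group(1).upper())
        if "after reboot" in action.lower():
            # Still on disk until the restart; re-scan afterwards.
            out["pending_reboot"].append(f"{folder}\\{name}".lower())
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Files listed under pending_reboot are the ones to look for again in the next scan after the restart.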
1. Click Start > right-click My Computer
2. Select Properties
3. Select the System Restore tab
4. Tick "Turn off System Restore on all drives"
5. Press Apply
6. Press OK
7. Shut down and restart
8. Untick "Turn off System Restore on all drives"
9. Apply and OK
==================
Download CCleaner v1.41.544 - Basic from http://www.ccleaner.com/download/builds.aspx. Do NOT install the Yahoo toolbar!
Set the options like this: Options --> Advanced --> untick "Only delete temporary files older than 48 hours".
Run Cleaner > Analyze button > Run CCleaner button in the bottom right corner.
Run Errors > Scan for registry errors button > Fix registry errors button.