The problem appeared when I tried to search the web with the Google bar built into Firefox and it redirected me to the http://www.regeringen.se/ site every time; google.com and many other addresses typed into the address bar also lead to that same page. The problem occurs in both Firefox and Internet Explorer. I ran HijackThis and the log did turn up something pointing to this problem: it contains every address that redirects to the http://www.regeringen.se/ site. How can I get this problem fixed? Could someone also check my log more closely, in case there is something else suspicious in it? Here is the HjT log:
Download HostsXpert.zip:
[*]Extract HostsXpert to a suitable folder, such as C:\Hoster
[*]Run HostsXpert.exe from its new folder
[*]Click "Make Hosts Writable?" in the upper right corner (if enabled)
[*]Click "Restore Microsoft's Hosts File" and then OK
[*]Close the program.
Note: IF you were using custom Hosts files, you will have to put any of those lines back yourself.
*********
Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
[*]Double-click drweb-cureit.exe and let it run the express scan
[*]It scans the running programs, and if something is found, click Yes when it asks whether you want to remove it. This is only a short scan.
[*]When the scan is finished, mark the drives you want to scan.
[*]Select all drives. A red dot shows which drives are selected.
[*]Click the green arrow on the right and the scan starts.
[*]Click 'Yes to all' if you are asked whether you want to delete/move a file.
[*]When the scan is finished, see whether you can click the next icon beside the files that were found:
[*]If so, click it, then click the next icon at the bottom right and choose Move incurable, as in the picture below: This moves it to the %userprofile%\DoctorWeb\quarantine directory.
[*]After this, click File in the Dr.Web CureIt menu and choose Save report list
[*]Save the report to the desktop. The report's name is DrWeb.csv
[*]Close Dr.Web CureIt.
[*]Restart the computer!! This is because files that are in use are deleted/moved during startup.
[*]After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.
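The redirection reported in the first post lives in the Windows hosts file, which is what "Restore Microsoft's Hosts File" resets. As an added example (not part of the thread, and not HijackThis's or HostsXpert's own code), the Python script below pulls the `O1 - Hosts:` lines out of a HijackThis log and flags any non-loopback address that several different sites are pointed at. The sample log is constructed, its addresses and names are placeholders, and the function names and the `min_names` threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis lists each hosts-file redirection as "O1 - Hosts: <ip> <hostname>".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")

# Constructed sample log (not taken from the thread); 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example/
O1 - Hosts: 127.0.0.1 ads.tracker.example
O1 - Hosts: 203.0.113.10 www.search.example
O1 - Hosts: 203.0.113.10 search.example
O1 - Hosts: 203.0.113.10 www.portal.example
O1 - Hosts: 203.0.113.10 updates.vendor.example
O1 - Hosts: 192.168.1.20 nas.home.example
O1 - Hosts: not-an-ip broken.example
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""


def parse_o1_entries(log_text):
    """Return (ip, hostname, original_line) for every well-formed O1 line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = O1_RE.match(line)
        if not match:
            continue  # R*, O2..O23 and process lines are ignored here
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address: skip rather than guess
        host = match.group(2).lower().rstrip(".")
        entries.append((ip, host, line))
    return entries


def is_sinkhole(ip):
    """127.0.0.1, ::1 and 0.0.0.0 block a name; they do not send traffic elsewhere."""
    return ip.is_loopback or ip.is_unspecified


def site_of(host):
    """Treat 'www.name' and 'name' as one site so both spellings count once."""
    return host[4:] if host.startswith("www.") else host


def find_redirects(log_text, min_names=3):
    """Map each non-sinkhole address to the sites pointed at it, keeping only
    addresses that capture at least min_names distinct sites."""
    by_ip = defaultdict(set)
    for ip, host, _line in parse_o1_entries(log_text):
        if not is_sinkhole(ip):
            by_ip[str(ip)].add(site_of(host))
    return {ip: sorted(sites) for ip, sites in by_ip.items() if len(sites) >= min_names}


def lines_to_review(log_text, min_names=3):
    """Return the original O1 lines that belong to a flagged address, in log order."""
    flagged = find_redirects(log_text, min_names)
    return [line for ip, _host, line in parse_o1_entries(log_text) if str(ip) in flagged]


if __name__ == "__main__":
    for address, sites in find_redirects(SAMPLE_LOG).items():
        print(f"{address} captures {len(sites)} sites: {', '.join(sites)}")
    for line in lines_to_review(SAMPLE_LOG):
        print("review:", line)
```

A single intranet mapping or a loopback ad-blocking entry stays below the threshold, so only the address that many sites were pointed at is reported.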
The problem disappeared with HostsXpert, and Dr.Web CureIt also found something. Here is the log:
mirc.exe c:\documents and settings\lauri\omat tiedostot\mirc Program.mIRC.616 Deleted.
stdio.dll C:\Documents and Settings\Lauri\Omat tiedostot\mIRC\script\dlls IRC.Flood Deleted.
HostsXpert.exe C:\HostsXpert\HostsXpert Probably WIN.WORM.Virus Incurable.Moved.
MiniBugTransporter.dll C:\Program Files\Common Files\Real\WeatherBug Adware.Minibug Incurable.Moved.
j4_f.wav C:\Program Files\Pelit\Rockstar Games\Grand Theft Auto 3\audio Modification of V2Px.1190 Moved.
Setup.exe C:\Program Files\Setup Adware.SaveNow Incurable.Moved.
A0154816.dll C:\System Volume Information\_restore{927A83B0-0DD2-4260-A62C-C9B17325DB65}\RP391 Probably STPAGE.Trojan Incurable.Moved.
A0154819.dll C:\System Volume Information\_restore{927A83B0-0DD2-4260-A62C-C9B17325DB65}\RP391 Adware.Hotbar Incurable.Moved.
A0154820.dll C:\System Volume Information\_restore{927A83B0-0DD2-4260-A62C-C9B17325DB65}\RP391 Adware.Hotbar Incurable.Moved.
A0162851.dll C:\System Volume Information\_restore{927A83B0-0DD2-4260-A62C-C9B17325DB65}\RP408 Adware.Whenu Incurable.Moved.
A0162852.exe C:\System Volume Information\_restore{927A83B0-0DD2-4260-A62C-C9B17325DB65}\RP408 Adware.SaveNow Incurable.Moved.
SetupInstRe.exe D:\Ohjelmat Adware.SaveNow Incurable.Moved.
Open HijackThis, tick the following line(s) and press Fix checked; close other programs while you do this
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Here are instructions on how to tick them:
***********
1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!
[*]Once you have downloaded the program, double-click the installer's shortcut on your desktop and the installation starts.
[*]After installation, the program has to be started and its definitions updated.
2.
[*]Start AVG Anti-Spyware.
[*]Click the "Update" icon in the main menu. Then click the "Update now" button.
[*]Then click the "Start Update" icon and the update begins.
[*]If the updates do not succeed right away, press "Start Update" again after a moment
[*]If the automatic update does not work for some reason, the definitions can be downloaded manually via the http://www.ewido.net/en/download/updates/ link.
[*]When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
[*]When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
[*]Then, under the "Reports" menu:
[*]Tick "Automatically generate report after every scan"
[*]Untick "Only if threats were found"
[*]Then click the "Shield" icon at the top of the window
[*]"Resident shield is": change the state from active to inactive
[*]Close the program; do NOT scan yet.
Start the computer in Safe Mode:
1. Restart the computer.
2. As the computer starts, press the F8 key.
3. Various startup options appear on the screen.
4. Use the arrow keys on the keyboard to select Safe Mode.
5. Press the ENTER key.
NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
[*]Once in Safe Mode, start AVG Anti-Spyware.
[*]Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
[*]AVG now starts scanning the computer; be patient, as the scan takes time.
When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
[*]Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
[*]You will be asked what to do if infections were found; in that case choose "Apply all actions"
[*]Then click the "Reports" icon at the top of the program.
[*]Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
[*]Close the program, start the computer normally and post the AVG report to your thread.
***********
Open My Computer
Right-click the Local Disk (C:) drive (or whichever hard drive you use; it would be advisable to do this for all the hard disks you own, e.g. D, F, G)
->select Properties
Open the Tools tab
->run error checking *both options, i.e. find and fix
->defragment the hard disk
*********
Download CCleaner from here and install it: http://ccleaner.com/download/downloadpage.aspx?1
When you install this program, do not install the Yahoo toolbar that comes with it. This program finds and removes so-called unnecessary files from your computer, e.g. temp files, and with it you can also clean your registry.
-automatically fix file system errors
-scan for and attempt recovery of bad sectors
*****
If you do not have this Java version (6.1):
Updating Java and clearing the cache:
1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... ) They should have the following image next to them:
3. Select all your previous Java versions and choose Remove.
4. Install the latest Java update from the following link..
5. Restart the computer after the installation: http://java.sun.com/javase/downloads/index.jsp
Scroll down to Java Runtime Environment (JRE) 6u1
Press Download
Tick Accept, take the offline installation, save it to e.g. the desktop and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) lower, and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice the computer being slow after lowering the setting, move the slider higher.)
8. Make sure that both options are ticked:
*Applications and Applets
*Trace and Log Files
and press the OK button
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.
*********
A new HijackThis log, and are there any problems?
Noniin, nyt on kaikki tehty! Selaimet toimivat normaalisti niinkuin pitääkin eikä muitakaan ongelmia ole. Kiitoksia vain paljon avusta! Tässä AVG:n raportti: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 19:15:48 17.4.2007 + Scan result: C:\Program Files\Video ActiveX Object -> Adware.Generic : Cleaned with backup (quarantined). HKU\S-1-5-21-73586283-2147183749-725345543-1004\Software\Internet Security -> Adware.Generic : Cleaned with backup (quarantined). C:\Documents and Settings\Lauri\DoctorWeb\Quarantine\A0154819.dll -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\Lauri\DoctorWeb\Quarantine\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined). C:\System Volume Information\_restore{927A83B0-0DD2-4260-A62C-C9B17325DB65}\RP427\A0171770.dll -> Adware.Minibug : Cleaned with backup (quarantined). C:\Documents and Settings\Lauri\DoctorWeb\Quarantine\SetupInstRe.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{927A83B0-0DD2-4260-A62C-C9B17325DB65}\RP401\A0160542.dll -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{927A83B0-0DD2-4260-A62C-C9B17325DB65}\RP408\A0162853.exe -> Adware.SaveNow : Cleaned with backup (quarantined). D:\System Volume Information\_restore{927A83B0-0DD2-4260-A62C-C9B17325DB65}\RP427\A0171772.exe -> Adware.SaveNow : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Pelit\Rockstar Games\Grand Theft Auto San Andreas\hlm-intro.exe -> Backdoor.Hupigon.kg : Cleaned with backup (quarantined). C:\Documents and Settings\Lauri\DoctorWeb\Quarantine\Setup.exe -> Dropper.Agent.asf : Cleaned with backup (quarantined). 
C:\System Volume Information\_restore{927A83B0-0DD2-4260-A62C-C9B17325DB65}\RP427\A0171771.exe -> Dropper.Agent.asf : Cleaned with backup (quarantined). :mozilla.99:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned. :mozilla.158:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.159:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.47:C:\Documents and Settings\Aira\Application Data\Mozilla\Firefox\Profiles\08dktj5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.48:C:\Documents and Settings\Aira\Application Data\Mozilla\Firefox\Profiles\08dktj5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Lauri\Cookies\lauri@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. :mozilla.163:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.166:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.39:C:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\0rvpdp13.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.41:C:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\0rvpdp13.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.42:C:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\0rvpdp13.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. :mozilla.48:C:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\0rvpdp13.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned. 
:mozilla.7:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\mlyytiea.default\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.8:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\mlyytiea.default\cookies.txt -> TrackingCookie.Adtech : Cleaned. C:\Documents and Settings\Vieras\Cookies\vieras@adtech[2].txt -> TrackingCookie.Adtech : Cleaned. :mozilla.184:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.50:C:\Documents and Settings\Aira\Application Data\Mozilla\Firefox\Profiles\08dktj5p.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Vieras\Cookies\vieras@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.15:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.172:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned. :mozilla.84:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Connextra : Cleaned. :mozilla.85:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Connextra : Cleaned. :mozilla.86:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Connextra : Cleaned. :mozilla.95:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Connextra : Cleaned. :mozilla.40:C:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\0rvpdp13.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. 
:mozilla.178:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Etracker : Cleaned. :mozilla.95:C:\Documents and Settings\Aira\Application Data\Mozilla\Firefox\Profiles\08dktj5p.default\cookies.txt -> TrackingCookie.Etracker : Cleaned. :mozilla.12:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.13:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.133:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.134:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.155:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned. :mozilla.126:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.16:C:\Documents and Settings\Seppo\Application Data\Mozilla\Firefox\Profiles\scsbprg7.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.87:C:\Documents and Settings\Aira\Application Data\Mozilla\Firefox\Profiles\08dktj5p.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.98:C:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\0rvpdp13.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned. :mozilla.177:C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\tdleb8ub.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned. 
::Report end

And then one more new HjT log:

Logfile of HijackThis v1.99.1
Scan saved at 20:33:56, on 17.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\VDOTool\TBPANEL.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\Ohjelmat\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GAINWARD] C:\Program Files\VDOTool\TBPANEL.exe /A
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\0rvpdp13.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles/0rvpdp13.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: iTouch.exe
O4 - Startup: Pikakuvake EM_EXEC.lnk = C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153393342203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Open HijackThis, check the following line(s) and press Fix checked. Close all other programs while you do this.

O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles\0rvpdp13.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Lauri\Application Data\Mozilla\Firefox\Profiles/0rvpdp13.default\extensi
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe

New log; there is mixed information about those programs.
Logfile of HijackThis v1.99.1
Scan saved at 21:52:38, on 17.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\VDOTool\TBPANEL.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Ohjelmat\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GAINWARD] C:\Program Files\VDOTool\TBPANEL.exe /A
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: iTouch.exe
O4 - Startup: Pikakuvake EM_EXEC.lnk = C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153393342203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe