Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 0:00:34, on 2.9.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LVComsX.exe C:\WINDOWS\explorer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\internet explorer\iexplore.exe C:\Pommi\HiJackThis_v2.0.0.0.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_33.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 6436 bytes
poista tuo Trend Micro HijackThis v2.0.0 (BETA) versio lisää poista sovellutuksesta ======================== tuosta sitten Lataa TÄSTÄ HJTInstall.exe * Tallenna HJTInstall.exe työpöydällesi. * Tuplaklikkaa HJTInstall.exe-kuvaketta työpöydälläsi. * Oletuksena se asentaa itsensä hakemistoon C:\Program Files\Trend Micro\HijackThis. * Klikkaa Install. * Asennusohjelma luo HijackThis-kuvakkeen työpöydälle. * Kun asennus on valmis, se käynnistää HijackThisin. * Klikkaa Do a system scan and save a logfile-painiketta. Ohjelma aloittaa skannauksen ja lokin pitäisi avautua Muistioon. * Klikkaa ensin "Muokkaa > Valitse kaikki" sitten "Muokkaa > Kopioi" kopioidaksesi koko lokin sisällön. * Liitä lokin sisältö seuraavaan vastaukseesi. * ÄLÄ käytä Analyse This-nappulaa, sen löydöt ovat vaarallisia väärinymmärrettyinä. * ÄLÄ fixaa HijackThis-ohjelmalla vielä mitään. Suurin osa sen löydöistä ovat joko harmittomia tai jopa tarpeellisia. ============================ Ohje AVG:n Anti-Spyware 7.5:n käyttöön Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis:n työkalun toimintaa. Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta Lataa AVG:n Anti-Spyware 7.5:n ja tallenna ohjelma työpöydällesi. o Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa. o Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää. o Käynnistä AVG:n Anti-Spyware. o Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta. o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa. o Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti. o Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine". o Sitten "Reports" valikon alta: o Laita täppi kohtaan "Automatically generate report after every scan" o Ota täppi pois kohdasta"Only if threats were found" o Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa o "Resident shield is", muuta tila active:sta inactive:ksi o Sulje ohjelma, ÄLÄ skannaa vielä. Käynnistä koneesi vikasietotilaan, sammuta ja käynnistä käynnistyksen yhteydessä naputtele F8 valitse nuoli näppäimellä vikasietotila paina enter ja enter HUOM! Älä käytä muita ohjelmia AVG:n skannauksen aikana, tämä saattaa häiritä skannausta. o Kun vikasietotilassa, käynnistä AVG:n Anti-Spyware. o Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan". o Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa. Kun skannaus on valmis: TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions" o Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta. o Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions" o Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta. o Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle. o Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi. ======================== Lataa tuolta http://www.ccleaner.com/download/builds.aspx CCleaner v1.41.544 - Basic, ÄLÄ aseenna Yahoo toolbaria! laita asetukset näin: Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot. aja Puhdistaja > tutki nappi > aja ccleaner nappi oikea alakulma aja Virheet > etsi rekisteri virheitä nappi > Korjaa rekisteri virheet. nappi
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:44:45, on 2.9.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_33.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 5632 bytes --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 12:33:12 2.9.2007 + Scan result: C:\Documents and Settings\Sami\Cookies\sami@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Sami\Cookies\sami@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Sami\Cookies\sami@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned. C:\Documents and Settings\Sami\Cookies\sami@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned. C:\Documents and Settings\Sami\Cookies\sami@statistik-gallup[2].txt -> TrackingCookie.Statistik-gallup : Cleaned. C:\Documents and Settings\Sami\Cookies\sami@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned. ::Report end
scannaa hjt:llä merkkaa paina Fix checked R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = ======================= Lataa Dr.Web CureIt työpöydälle: Tuplaklikkaa drweb-cureit.exe ja anna sen tehdä express scan Se skannaa käynnissä olevat ohjelmat ja jos jotain löytyy, klikkaa yes kun se kysyy haluatko poistaa sen. Tämä on vain lyhyt scan. Kun scan on valmis, merkkaa asemat, jotka haluat scannata. Valitse kaikki asemat. Punainen piste osoittaa, mitkä asemat on valittu. Klikaa vihreää nuolta oikealla ja scan alkaa. Klikkaa 'Yes to all', jos kysytään haluatko poistaa/siirtää tiedoston. Kun scan on valmis, katso voitko klikata next-kuvaketta löytyneiden tiedostojen vieressä: Jos asia on niin, klikkaa sitä ja sitten klikkaa next-kuvaketta oikealla alhaalla ja valitse Move incurable kuten alla olevalla kuvassa: Tämä siirtää sen %userprofile%\DoctorWeb\quarantine-hakemistoon. Tämän jälkeen klikkaa Dr.Web CureIt-valikossa file ja valitse save report list Tallenna raportti työpöydälle. Raportin nimi on DrWeb.csv Sulje Dr.Web Cureit. Käynnistä kone uudelleen !! Tämä siksi, että käytössä olevat tiedostot poistetaan/siirretään käynnistyksen yhteydessä. Käynnistyksen jälkeen liitä Dr.Web-lokin, jonka tallensit aiemmin, sisältö seuraavaan vastaukseesi.
pv.exe C:\Documents and Settings\Sami\Omat tiedostot\smitRem Program.PrcView.3741 Moved. pv.exe C:\Documents and Settings\Sami\Työpöytä\smitRem Program.PrcView.3741 Moved. pv.exe C:\smitRem Program.PrcView.3741 Moved. A0007172.exe C:\System Volume Information\_restore{CC773E3C-7E04-4027-ADF6-87B3E2EE6F1C}\RP117 Trojan.StartPage.20448 Deleted. A0007305.exe C:\System Volume Information\_restore{CC773E3C-7E04-4027-ADF6-87B3E2EE6F1C}\RP119 Trojan.StartPage.20448 Deleted. A0007809.exe C:\System Volume Information\_restore{CC773E3C-7E04-4027-ADF6-87B3E2EE6F1C}\RP119 Trojan.StartPage.20448 Deleted. A0008026.exe C:\System Volume Information\_restore{CC773E3C-7E04-4027-ADF6-87B3E2EE6F1C}\RP120 Trojan.StartPage.20448 Deleted.
Tässä kasperskyn löytöjä. <html> <head> <title>KASPERSKY ONLINE SCANNER REPORT</title> <meta http-equiv='Content-Type' content='text/html; charset=utf-8'> </head> <style> .pagetitle { font-size:20px; color:#FFFFFF; font-family: Arial, Geneva, sans-serif; } .text { font-size:11px; font-family: Arial, Geneva, sans-serif; } TD { font-size:11px; font-family: Arial, Geneva, sans-serif; } </style> <body> <table width='100%' height='110' border='0'> <tr height='30' align='center' bgcolor='#005447'> <td colspan='2' height='30' class='pagetitle'> <b>KASPERSKY ONLINE SCANNER REPORT</b> </td> </tr> <tr height='70'> <td colspan='2' height='70'> 2007-09-03 16:59<br> Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)<br> Kaspersky Online Scanner version: 5.0.93.0<br> Kaspersky Anti-Virus database last update: 3/09/2007<br> Kaspersky Anti-Virus database records: 402949<br> </td> </tr> <tr height='10'> <td colspan='2' height='10'> </td> </tr> </table> <table width='100%' height='145' border='0'> <tr height='20' bgcolor='#EFEBDE'> <td colspan='2' height='20'><b>Scan Settings</b></td> </tr> <tr height='15'> <td height='15' width='250'>Scan using the following antivirus database</td> <td>extended</td> </tr> <tr height='15'> <td height='15'>Scan Archives</td> <td>true</td> </tr> <tr height='15'> <td height='15'>Scan Mail Bases</td> <td>true</td> </tr> <tr height='10'> <td colspan='2' height='10'> </td> </tr> <tr height='20' bgcolor='#EFEBDE'> <td height='20'><b>Scan Target</b></td> <td>My Computer</td> </tr> <tr height='20'> <td colspan='2' height='20'> A:\<br> C:\<br> D:\<br> F:\<br> G:\<br> H:\<br> O:\ </td> </tr> <tr height='10'> <td colspan='2' height='10'> </td> </tr> <tr height='20' bgcolor='#EFEBDE'> <td colspan='2' height='20'><b>Scan Statistics</b></td> </tr> <tr height='15'> <td height='15'>Total number of scanned objects</td> <td>47098</td> </tr> <tr height='15'> <td height='15'>Number of viruses found</td> <td>1</td> </tr> <tr height='15'> <td height='15'>Number of infected objects</td> <td>4</td> </tr> <tr height='15'> <td height='15'>Number of suspicious objects</td> <td>0</td> </tr> <tr height='15'> <td height='15'>Duration of the scan process</td> <td>00:49:20</td> </tr> </table> <br> <table width='100%' border='0'> <tr height='20' bgcolor='#EFEBDE'> <td height='20'><b>Infected Object Name</b></td> <td width='200'><b>Virus Name</b></td> <td width='100'><b>Last Action</b></td> </tr> <tr height='20'> <td height='20'>C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\NetworkService\NTUSER.DAT </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\NetworkService\ntuser.dat.LOG </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\Cookies\index.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\Local Settings\Application Data\SupportSoft\Sonera\Sami\state\logs\sprtcmd.log </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\Local Settings\Sivuhistoria\History.IE5\index.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\index.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\ntuser.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\ntuser.dat.LOG </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\Työpöytä\SmitfraudFix\Reboot.exe </td> <td>Infected: not-a-virus:RiskTool.Win32.Reboot.f </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\Työpöytä\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe </td> <td>Infected: not-a-virus:RiskTool.Win32.Reboot.f </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\Työpöytä\SmitfraudFix.exe/data.rar </td> <td>Infected: not-a-virus:RiskTool.Win32.Reboot.f </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Documents and Settings\Sami\Työpöytä\SmitfraudFix.exe </td> <td>RarSFX: infected - 2 </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Alwil Software\Avast4\DATA\report\Taustasuojaus.txt </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\chandir.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\chandir.idx </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\chn.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\chn.idx </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\D0000000.FCS </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\inuse.txt </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\L0000004.FCS </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\main.log </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs.idx </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_die.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_die.idx </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_dnd.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_dnd.idx </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_ext.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_ext.idx </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_rcv.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_rcv.idx </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\storydb.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\storydb.idx </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Sygate\SPF\debug.log </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Sygate\SPF\rawlog.log </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Sygate\SPF\seclog.log </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Sygate\SPF\syslog.log </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\Program Files\Sygate\SPF\tralog.log </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\System Volume Information\MountPointManagerRemoteDatabase </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\Debug\PASSWD.LOG </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\SchedLgU.Txt </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\SoftwareDistribution\EventCache\{CE1C9EEE-CECE-4680-AEDA-04AE773BF0BC}.bin </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\SoftwareDistribution\ReportingEvents.log </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\CatRoot2\edb.log </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\CatRoot2\tmp.edb </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\Antivirus.Evt </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\AppEvent.Evt </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\default </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\default.LOG </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\SAM </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\SAM.LOG </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\SecEvent.Evt </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\SECURITY </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\SECURITY.LOG </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\software </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\software.LOG </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\SysEvent.Evt </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\system </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\config\system.LOG </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\h323log.txt </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\temp\Perflib_Perfdata_55c.dat </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\temp\_avast4_\Webshlock.txt </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td height='20'>C:\WINDOWS\WindowsUpdate.log </td> <td>Object is locked </td> <td>skipped </td> </tr> <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr> <tr height='20'> <td colspan='3' height='20'><b>Scan process completed.</b></td> </tr> </table> </body> </html>
1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla 2. Valitse ominaisuudet 3. Valitse järjestelmän palauttaminen välilehti 4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa 5. Paina Käytä 6. Paina ok 7. Sammuta ja käynnistä 8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa 9. Käytä ja OK
Elikkäs minulla katkeilee netti myös (välillä parin minuutin välein ja välillä harvemmin) ja koitan löytää siihen selvitystä. Käyttis: Windows XP SP2 Antivirus: Norton 2005 Modeemi: A-LINK RR24AP Netissäkään tuskin on vikaa koska minun xbox360 on samassa modeemissa (IPTV portissa) kytkettynä ja se toimi netin välityksellä moitteettomasti. Verkkokaapelit ovat myöskin ehjät. Katkeilu alkoi jostain kumman syystä tänään aamupäivällä. Tässä hjt-loki: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:45:07, on 4.9.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\PC Protection\backweb\4384293\program\fsbwsys.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\PC Protection\backweb\4384293\program\fsbwsys.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 6730 bytes
