HJT log, is it clean?

Discussion in 'Viruses and malware - HijackThis logs' started by Mestaus, Feb 17, 2007.

  1. Mestaus

    Mestaus Regular member

    Joined:
    Dec 21, 2005
    Messages:
    1,141
    Likes Received:
    0
    Trophy Points:
    46
    Logfile of HijackThis v1.99.1
    Scan saved at 7:02:42, on 18.2.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\system32\RunDLL32.exe
    F:\WINDOWS\CTHELPER.EXE
    F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    F:\WINDOWS\SOUNDMAN.EXE
    F:\Program Files\MSN Messenger\MsnMsgr.Exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\Spyware Doctor\sdhelp.exe
    F:\WINDOWS\System32\alg.exe
    F:\Program Files\PeerGuardian2\pg2.exe
    F:\Documents and Settings\Omistaja.OMISTJ-71201A\Työpöytä\Kama\LDC\LDCPlusPlus.exe
    C:\HijackThis_v1.99.1\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ODBC service - Unknown owner - F:\WINDOWS\system32\odbc.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - F:\WINDOWS\system32\sfrem01.exe
     
  2. Hujo

    Hujo Guest

    What might that firewall and antivirus program be?
     
  3. Mestaus

    Mestaus Regular member

    Windows' own firewall and AVG Anti-Spyware are protecting it.
     
  4. Hujo

    Hujo Guest

    AVG Anti-Spyware <-- that is nothing more than a scanner

    Get a firewall and an antivirus program from there:
    Link

    Then turn off Windows' own firewall.

    Then post a new HJT log,
    and we'll start tidying things up.
     
    Last edited by a moderator: Feb 19, 2007
  5. Mestaus

    Mestaus Regular member

    I know, I know. =) Well, it does have some sort of lousy shield.
    Can you suggest a good, lightweight program for removing viruses/worms/trojans/spyware? One that has everything in one package. Preferably a free one.
     
  6. Hujo

    Hujo Guest

    avast, and as a firewall ZoneAlarm, for example
    then SpywareBlaster

    Those would get us started

    and we could get those leftovers out of there too
     
    Last edited by a moderator: Feb 19, 2007
  7. Mestaus

    Mestaus Regular member

    Okay. What leftovers are in there? Viruses, or what?
     
  8. Hujo

    Hujo Guest

    Norton leftovers
    McAfee Popup Blocker

    First, give it a sweep with this:

    Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.zip and save it to your desktop.

    Boot your computer into Safe Mode and choose your normal user account:
    • Start the computer
    • When you hear the computer beep, press F8, but before the Windows logo appears
    • A menu should appear next
    • Select Safe Mode from the menu.

    • Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    • Open the SDFix folder and double-click RunThis.bat to start the program.
    • Press Y to start the script.
    • The tool cleans out the trojan's services and also makes some repairs to the registry. At the end it asks you to restart the computer, "Press any key to Reboot".
    • Press any key and the computer will restart.
    • Startup takes longer than usual because SDFix is cleaning the computer.
    • Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
    • Then press any key to close the script and load the desktop icons.
    • Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
     
    Last edited by a moderator: Feb 19, 2007
  9. Mestaus

    Mestaus Regular member

    I scanned with avast just now and it found viruses + trojans, and I got them removed, like when it asked whether I wanted to run a check at startup or something like that. The new log is here ->

    Logfile of HijackThis v1.99.1
    Scan saved at 6:56:07, on 20.2.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\RunDLL32.exe
    F:\WINDOWS\CTHELPER.EXE
    F:\WINDOWS\SOUNDMAN.EXE
    F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    F:\Program Files\MSN Messenger\MsnMsgr.Exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    F:\Program Files\Alwil Software\Avast4\ashServ.exe
    F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\Spyware Doctor\sdhelp.exe
    F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    F:\WINDOWS\System32\alg.exe
    F:\Program Files\PeerGuardian2\pg2.exe
    F:\Documents and Settings\Omistaja.OMIST-71201A\Työpöytä\Kama\LDC\LDCPlusPlus.exe
    C:\HijackThis_v1.99.1\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Call of Juarez
    O4 - HKLM\..\Run: [Windows Services] "F:\Program Files\svchosts.exe"
    O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ODBC service - Unknown owner - F:\WINDOWS\system32\odbc.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - F:\WINDOWS\system32\sfrem01.exe





    SDFix: Version 1.66

    Run by Omistaja - ti 20.02.2007 @ 7:10:47,60

    Microsoft Windows XP [versio 5.1.2600]

    Running From: F:\SDFix

    Safe Mode:
    Checking Services:

    Name:

    Path:


    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found...




    ADS Check:

    F:\WINDOWS\system32
    No streams found.


    Final Check:

    Remaining Services:
    ------------------


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "E:\\Kama\\LDC\\LDCPlusPlus.exe"="E:\\Kama\\LDC\\LDCPlusPlus.exe:*:Enabled:LDC++"
    "F:\\Program Files\\Steam\\SteamApps\\Seam404\\counter-strike\\hl.exe"="F:\\Program Files\\Steam\\SteamApps\\Seam404\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
    "F:\\Documents and Settings\\Omistaja.OMISTAJ-71201A\\Työpöytä\\Kama\\LDC\\LDCPlusPlus.exe"="F:\\Documents and Settings\\Omistaja.Omistaja-71201A\\Työpöytä\\Kama\\LDC\\LDCPlusPlus.exe:*:Enabled:LDC++"
    "F:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="F:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
    "F:\\Program Files\\uTorrent\\utorrent.exe"="F:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
    "F:\\Program Files\\mIRC\\mirc.exe"="F:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Etätuki - Windows Messenger ja ääniyhteys"
    "F:\\Program Files\\Call of Duty\\CoDMP.exe"="F:\\Program Files\\Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
    "F:\\Program Files\\ApexDC++\\ApexDC.exe"="F:\\Program Files\\ApexDC++\\ApexDC.exe:*:Enabled:ApexDC++"
    "C:\\Roina#6\\P2P-Ohjelmat\\DC++ Clinut\\BCDCPlusPlus-0.698a\\DCPlusPlus.exe"="C:\\Roina#6\\P2P-Ohjelmat\\DC++ Clinut\\BCDCPlusPlus-0.698a\\DCPlusPlus.exe:*:Enabled:BCDC++"
    "F:\\Program Files\\MSN Messenger\\msnmsgr.exe"="F:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger"
    "F:\\Program Files\\Eidos\\Pyro Studios\\Commandos 3 - Destination Berlin\\commandos3.exe"="F:\\Program Files\\Eidos\\Pyro Studios\\Commandos 3 - Destination Berlin\\commandos3.exe:*:Enabled:commandos3"
    "F:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="F:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
    "F:\\WINDOWS\\system32\\dplaysvr.exe"="F:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
    "F:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"="F:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe:*:Enabled:bfvietnam"
    "F:\\Program Files\\Ubisoft\\Gearbox Software\\BrothersInArms\\System\\bia.exe"="F:\\Program Files\\Ubisoft\\Gearbox Software\\BrothersInArms\\System\\bia.exe:*:Enabled:Brothers In Arms: Road to Hill 30"
    "F:\\Program Files\\DC++\\DCPlusPlus.exe"="F:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
    "F:\\Program Files\\GameSpy Arcade\\Aphex.exe"="F:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
    "F:\\Program Files\\GameSpy Arcade\\Services\\_common\\RWVoice.exe"="F:\\Program Files\\GameSpy Arcade\\Services\\_common\\RWVoice.exe:*:Enabled:RogerWilco Lite for GameSpy Arcade"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "F:\\Program Files\\MSN Messenger\\msnmsgr.exe"="F:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"


    Remaining Files:
    ---------------



    Checking For Files with Hidden Attributes :

    F:\Program Files\serial.zip
    F:\Program Files\wunauclt.zip

    Add/Remove Programs List:

    a-squared Free 2.1
    Ad-Aware SE Personal
    avast! Antivirus
    AVG Anti-Spyware 7.5
    Brothers In Arms
    BSPlayer
    Call of Duty
    CCleaner (remove only)
    DC++ 0.699
    Deer Hunter - The 2005 Season
    DivX Content Uploader
    ffdshow (remove only)
    GameSpy Arcade
    HijackThis 1.99.1
    Quake 4(TM)
    Call of Juarez
    Far Cry
    Microsoft .NET Framework 1.1
    Mozilla Firefox (2.0.0.1)
    NVIDIA Drivers
    PeerGuardian 2.0
    Registry Mechanic 6.0
    Spybot - Search & Destroy 1.4
    Spyware Doctor 4.0
    Steam
    UberSoldier
    æTorrent
    VideoLAN VLC media player 0.8.4a
    Winamp (remove only)
    Windows Media Format Runtime
    Windows Media Player 10
    WinRAR-pakkausohjelma
    Battlefield 2: Deluxe Edition
    Quake 4(TM)
    AutoUpdate
    Far Cry (Patch 1.3)
    Far Cry (Patch 1.33)
    Call of Juarez
    Microsoft Windows Journal Viewer
    Microsoft .NET Framework 1.1 Finnish Language Pack
    TRS2006
    DivX Codec
    DivX Player
    MSN Messenger 7.5
    Hitman Blood Money
    DivX Converter
    DivX Web Player
    Commandos 3 - Destination Berlin
    FlatOut2
    Microsoft .NET Framework 1.1
    Silent Hill 2
    Half-Life(R) 2
    Far Cry
    Battlefield Vietnam(TM)
    Far Cry (Patch 1.31)
    Nero 7 Ultra Edition
    Realtek AC'97 Audio
    Microsoft Windows XP -k„ytt”j„rjestelm„n ohjatun CD-levylle tallentamisen HighMAT-laajennus

    Finished
     
    Last edited: Feb 19, 2007
  10. Hujo

    Hujo Guest

    Scan with HJT, tick these, and press Fix checked:

    O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Windows Services] "F:\Program Files\svchosts.exe"


    Run the removal tool from here:

    Link

    Run eScan.
    Instructions are on this page:
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    Download it from here:
    http://www.spywareinfo.dk/download/mwav.exe
    Update it from here:
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    Tick the boxes as marked here:
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    Scan.

    If anything shows up in the lower pane, copy it like this:
    Use Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here.

    In Safe Mode, delete
    F:\Program Files\svchosts.exe

    Update AVG Anti-Spyware and run it in Safe Mode.

    Post the logs here, along with a new HJT log.
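
The comparison behind the entries picked out in the post above can be done mechanically by diffing two HijackThis logs. This is an added example, not code from any poster in the thread; the rule wording and the `SYSTEM_NAMES` list (taken from the process list in the logs above) are assumptions, and the output is a triage list, not a verdict.

```python
import ntpath
import re

# Trimmed excerpts of the 18.2.2007 and 20.2.2007 logs posted in this thread.
BEFORE = r"""
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""
AFTER = r"""
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Call of Juarez
O4 - HKLM\..\Run: [Windows Services] "F:\Program Files\svchosts.exe"
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Section code (R0, O2, O4, O23 ...) followed by " - " and the entry detail.
ENTRY = re.compile(r"^([RFNO]\d+) - (.+)$")
# First *.exe path in a Run value, with or without surrounding quotes.
EXE = re.compile(r'"?([^"]*?\.exe)', re.I)
# Assumption: Windows process names seen in the logs' "Running processes" list.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}


def entries(log_text):
    """Return [(section, detail)] for every registry/autostart line in a log."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2).strip()))
    return found


def within_one_edit(a, b):
    """True if a != b and one insert, delete or substitution turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # a is now the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]


def review(before, after):
    """Return [(section, detail, reasons)] for entries in `after` to look at."""
    seen = set(entries(before))
    findings = []
    for section, detail in entries(after):
        reasons = []
        if detail.endswith(("(no file)", "(file missing)")):
            reasons.append("target file absent")
        if section == "O4":
            if (section, detail) not in seen:
                reasons.append("new autostart since previous log")
            # Drop the "HKLM\..\Run: [name] " prefix, keep the command.
            m = EXE.search(detail.split("] ", 1)[-1])
            if m:
                name = ntpath.basename(m.group(1)).lower()
                if any(within_one_edit(name, s) for s in SYSTEM_NAMES):
                    reasons.append("name imitates a Windows system process")
        if reasons:
            findings.append((section, detail, reasons))
    return findings


if __name__ == "__main__":
    for section, detail, reasons in review(BEFORE, AFTER):
        print(f"{section}: {detail}\n    -> {'; '.join(reasons)}")
```

A newly installed, legitimate program such as the avast! entry is listed as new as well, so each hit still needs a human decision.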
     
  11. Mestaus

    Mestaus Regular member

    AVG Anti-Spyware

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:07:13 21.2.2007

    + Scan result:



    F:\WINDOWS\patcher.exe -> Logger.Agent : Cleaned.


    ::Report end


    I first scanned the whole computer and the bug was found in the Windows folder, and when I tried to do something after I had scanned the whole computer, the computer froze, and then I had to rescan just the Windows folder. I couldn't be bothered to do the whole computer again, since it took a hell of a lot of hours. Well, right after the scan I ran the scan of the Windows folder.


    eScan
    File F:\Documents and Settings\Omistaja.Omistaja-71201A\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File F:\Documents and Settings\Omistaja.Omistaja-71201A\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File F:\Documents and Settings\Omistaja.Omistaja-71201A\Omat tiedostot\Downloads\Symantec.Norton.Antivirus.2007.Full\Symantec.Norton.Antivirus.2007.Full\RUN THIS BEFORE NAV INSTALL[THIS CRACKS NAV].exe infected by "Backdoor.Win32.Bifrose.la" Virus. Action Taken: File Renamed.
    File F:\System Volume Information\_restore{522F11F9-55E9-4DE6-8EB2-E69329AC4C89}\RP416\A0100632.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File F:\System Volume Information\_restore{522F11F9-55E9-4DE6-8EB2-E69329AC4C89}\RP416\A0100636.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File F:\System Volume Information\_restore{612EBDB2-475C-4A89-8B54-B027AB3EC43F}\RP64\A0029175.exe infected by "Trojan-Downloader.Win32.Small.dui" Virus. Action Taken: File Deleted.

    Here is one more log from that scan ->

    Tue Feb 20 17:04:09 2007 => ***** Checking for specific ITW Viruses *****
    Tue Feb 20 17:04:09 2007 => Checking for Welchia Virus...
    Tue Feb 20 17:04:09 2007 => Checking for LovGate Virus...
    Tue Feb 20 17:04:09 2007 => Checking for CodeRed Virus...
    Tue Feb 20 17:04:09 2007 => Checking for OpaServ Virus...
    Tue Feb 20 17:04:09 2007 => Checking for Sobig.e Virus...
    Tue Feb 20 17:04:09 2007 => Checking for Winupie Virus...
    Tue Feb 20 17:04:09 2007 => Checking for Swen Virus...
    Tue Feb 20 17:04:09 2007 => Checking for JS.Fortnight Virus...
    Tue Feb 20 17:04:10 2007 => Checking for Novarg Virus...
    Tue Feb 20 17:04:10 2007 => Checking for Pagabot Virus...
    Tue Feb 20 17:04:10 2007 => Checking for Parite.b Virus...
    Tue Feb 20 17:04:10 2007 => Checking for Parite.a Virus...

    Tue Feb 20 17:04:10 2007 => ***** Scanning complete. *****

    Tue Feb 20 17:04:10 2007 => Total Number of Files Scanned: 87564
    Tue Feb 20 17:04:10 2007 => Total Number of Virus(es) Found: 6
    Tue Feb 20 17:04:10 2007 => Total Number of Disinfected Files: 0
    Tue Feb 20 17:04:10 2007 => Total Number of Files Renamed: 3
    Tue Feb 20 17:04:10 2007 => Total Number of Deleted Files: 1
    Tue Feb 20 17:04:10 2007 => Total Number of Errors: 27
    Tue Feb 20 17:04:10 2007 => Time Elapsed: 01:00:19
    Tue Feb 20 17:04:10 2007 => Virus Database Date: 2007/02/20
    Tue Feb 20 17:04:10 2007 => Virus Database Count: 269751

    Tue Feb 20 17:04:10 2007 => Scan Completed.


    F:\Program Files\svchosts.exe <-- I couldn't find that file.

    The new HJT log is here:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:17:45, on 21.2.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\RunDLL32.exe
    F:\WINDOWS\CTHELPER.EXE
    F:\WINDOWS\SOUNDMAN.EXE
    F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    F:\Program Files\MSN Messenger\MsnMsgr.Exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    F:\Program Files\Alwil Software\Avast4\ashServ.exe
    F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\Spyware Doctor\sdhelp.exe
    F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    F:\WINDOWS\System32\alg.exe
    F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\HijackThis_v1.99.1\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ODBC service - Unknown owner - F:\WINDOWS\system32\odbc.exe (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - F:\WINDOWS\system32\sfrem01.exe
     
    Last edited: Feb 20, 2007
  12. Hujo

    Hujo Guest

    F:\Documents and Settings\Omistaja.Omistaja-71201A\Omat tiedostot\Downloads\Symantec.Norton.Antivirus.2007.Full
    Delete it

    1. Click Start > right-click My Computer
    2. Choose Properties
    3. Select the System Restore tab
    4. Tick ¤ Turn off System Restore on all drives
    5. Press Apply
    6. Press OK
    7. Shut down and start up again
    8. Untick ¤ Turn off System Restore on all drives
    9. Apply and OK

    Run CCleaner.
    Download it from http://www.ccleaner.com/download/builds.aspx
    CCleaner v1.34.407 - Basic, which does NOT include the Yahoo toolbar!

    Set the options like this:
    Options --> Advanced --> untick "Only delete temporary files older than 48 hours".

    Run Cleaner > Analyze > Clean (bottom right corner)
    Run Issues > Scan for registry issues > Fix the registry issues.

     
  13. Mestaus

    Mestaus Regular member

    Alright, I've done it that way. Is there anything else to fix?
    By the way, why was that "Untick ¤ Turn off System Restore on all drives" <-- worth doing?
     
    Last edited: Feb 20, 2007
  14. Hujo

    Hujo Guest

    System Restore gets turned back on.
     
  15. Mestaus

    Mestaus Regular member

    OK. Is it completely clean now?
     
  16. Hujo

    Hujo Guest

    Judging by the log, it looks that way.
     
