Logfile of HijackThis v1.99.1
Scan saved at 10:43:42 PM, on 13/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINNT\dgkqbraj.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINNT\wwcstkv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\wuauclt.exe
C:\Documents and Settings\jeff\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webfile.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [A63e1F] C:\WINNT\dgkqbraj.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINNT\wwcstkv.exe
O4 - HKLM\..\Run: [bO²ùð]×y-¯Œ] C:\WINNT\dgkqbraj.exe
O4 - HKLM\..\Run: [bO²ùõö/ØG%)ßfÏNb¡¾C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\dgkqbraj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /min
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAA768E6-57EC-45A2-B50F-2E08ACE40726}: NameServer = 203.2.124.164 203.2.124.165
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
A fine collection of nasties.

Put HjT in its own folder -> c:\hjt

Uninstall from Control Panel (Add/Remove Programs):
SideFind
YourSiteBar
ISTsvc
SurfAccuracy
Internet Optimizer
Power Scan
WinFixer 2005

Fix with HjT (do a system scan only, tick these entries and press fix checked):
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [A63e1F] C:\WINNT\dgkqbraj.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINNT\wwcstkv.exe
O4 - HKLM\..\Run: [bO²ùð]×y-¯Œ] C:\WINNT\dgkqbraj.exe
O4 - HKLM\..\Run: [bO²ùõö/ØG%)ßfÏNb¡¾C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\dgkqbraj.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /min
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab

Download aproposfix: http://swandog46.geekstogo.com/aproposfix.exe
Save it to the desktop. Do not run it yet.
Get, install and update ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

Boot into safe mode (F8 during startup).

Delete, if found:
C:\WINNT\nem220.dll
C:\Program Files\SideFind
C:\Program Files\YourSiteBar
C:\Program Files\ISTsvc
C:\Program Files\SurfAccuracy
C:\Program Files\Internet Optimizer
C:\Program Files\Power Scan
C:\WINNT\dgkqbraj.exe
C:\WINNT\wwcstkv.exe
C:\Program Files\WinFixer 2005
C:\WINNT\web\related.htm

In safe mode, double-click aproposfix.exe and extract it to its own folder on the desktop. Then find runthis.bat in that folder, follow the screen and answer the questions.

Scan with ewido, let it remove whatever it finds, and save the report.

Reboot and post the ewido report, a new HjT log, and the log.txt log from the aproposfix folder.
I did get to some menu with F8, but then the problem was that I don't really know what "vikasietotila" is in English! If someone could translate those into English as well! Thanks
Here are the reports then!

ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:05:12 PM, 15/05/2006
+ Report-Checksum: FA3CE2B2

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\SideFind -> Adware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\PowerScan -> Adware.PowerScan : Cleaned with backup
HKU\S-1-5-21-1606980848-842925246-1957994488-1003\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1606980848-842925246-1957994488-1003\Software\IST -> Adware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1606980848-842925246-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1606980848-842925246-1957994488-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1606980848-842925246-1957994488-1003\Software\PowerScan -> Adware.PowerScan : Cleaned with backup
C:\WINDOWS\Cookies\jeff@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINDOWS\Cookies\jeff@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\WINDOWS\Cookies\jeff@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\WINDOWS\Cookies\jeff@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\WINDOWS\Cookies\jeff@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\WINDOWS\Cookies\jeff@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\WINDOWS\Cookies\jeff@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\jeff@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\WINDOWS\Cookies\jeff@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\WINDOWS\Cookies\jeff@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\WINDOWS\Cookies\jeff@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\WINDOWS\Cookies\jeff@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\WINDOWS\Cookies\jeff@ehg-guba.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\WINDOWS\Cookies\jeff@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\WINDOWS\Cookies\jeff@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\Cookies\jeff@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\Cookies\jeff@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\WINDOWS\Cookies\jeff@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned with backup
C:\Program Files\Common Files\WinFixer 2005\FCrXML.dll -> Adware.Winfixer : Cleaned with backup
C:\RECYCLED\Dc14.dll -> Downloader.Dyfuca : Cleaned with backup
C:\RECYCLED\Dc17\optimize.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\jeff\Local Settings\Temp\optimize.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\jeff\Local Settings\Temp\iinstall.exe -> Downloader.IstBar.nt : Cleaned with backup
C:\Documents and Settings\jeff\Local Settings\Temp\sidefind.exe -> Downloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\jeff\Local Settings\Temp\uninstall.exe -> Adware.PowerScan : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@sensis.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@casinolasvegas[1].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@qksrv[3].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@www.sidefind[2].txt -> TrackingCookie.Sidefind : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@digitalhomediscountptyltd.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@e-2dj6wjlosmazefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@casinolasvegas[2].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@banner.casinolasvegas[2].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@revenue[3].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@qantasairways.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@www.sidefind[3].txt -> TrackingCookie.Sidefind : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@banner.casinolasvegas[3].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP6\A0018756.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP6\A0018757.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029363.dll -> Adware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029364.exe -> Downloader.IstBar.jm : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029365.EXE -> Downloader.IstBar.ij : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029366.EXE -> Downloader.IstBar : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029367.EXE -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029368.exe -> Adware.SurfAcc : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029369.exe -> Adware.SurfAcc : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029371.exe -> Adware.PowerScan : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029372.exe -> Adware.PowerScan : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029387.dll -> Adware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029391.dll -> Downloader.IstBar.ms : Cleaned with backup

::Report End

and then the HjT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:18:04 PM, on 15/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Documents and Settings\jeff\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

and finally aproposfix:

Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\jeff\Desktop\aproposfix2\aproposfix

************

Registry entries found:
Looks good now. Does that McAfee also include a firewall? If not, get a suitable one from here -> http://keskustelu.afterdawn.com/thread_view.cfm/162275
Well, since you don't have SP2 and the Security Center in Control Panel, there is nowhere to see it for certain. As far as I understand, that is just an antivirus. Is Windows' own firewall turned on, then? That is, Control Panel -> Windows Firewall. You can see it there.
This machine's Control Panel doesn't even have a firewall item, so there is no firewall... I'll have to download that too, then... thanks
Will there be a problem if I have McAfee's antivirus and some other firewall? Can you recommend any of those firewalls? Or should I switch the antivirus right away as well?