Logfile of HijackThis v1.99.1 Scan saved at 12:33:38, on 30.7.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SkyTel.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\FlashGet\flashget.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sygate\SPF\smc.exe C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe C:\Program Files\Samurize\Client.exe C:\PROGRA~1\Grisoft\AVG7\avgwb.dat D:\Opera\Opera.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\uTorrent\uTorrent.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O2 - 
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: &Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O21 - SSODL: printers - {BC68906F-47CC-48D4-881A-FC2A5F1A8AA1} - notiffy.dll (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe ------- ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Monday, July 30, 2007 12:27:36 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 29/07/2007 Kaspersky Anti-Virus database records: 346629 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ F:\ G:\ H:\ J:\ Scan Statistics: Total number of scanned objects: 134027 Number of viruses found: 3 Number of infected objects: 7 / 0 Number of suspicious objects: 0 Duration of the scan process: 04:26:32 Infected Object Name / Virus Name / Last Action C:\Boss - My Files\Application Data\AVG7\l_000105.log Object is locked skipped C:\Boss - My Files\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped C:\Boss - My Files\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped C:\Boss - My Files\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All 
Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\Johtaja\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Sivuhistoria\History.IE5\MSHist012007072320070730\index.dat Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Sivuhistoria\History.IE5\MSHist012007073020070731\index.dat Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Temp\Perflib_Perfdata_fd0.dat Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Temp\Perflib_Perfdata_ffc.dat Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Temp\tmp000020f0\tmp00000000 Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Johtaja\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Johtaja\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Miikka\Application Data\Microsoft\Installer\{39619863-8A11-4B60-A166-E6747C986EBE}\1035.MST Object is locked skipped C:\Documents and Settings\Miikka\Application 
Data\Microsoft\Installer\{39619863-8A11-4B60-A166-E6747C986EBE}\ARPPRODUCTICON.exe Object is locked skipped C:\Documents and Settings\Miikka\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk Object is locked skipped C:\Documents and Settings\Miikka\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk Object is locked skipped C:\Documents and Settings\Miikka\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Miikka\ntuser.ini Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\logs\starwind.2007-07-29.18-01-09.log Object is locked skipped C:\Program Files\Sygate\SPF\debug.log Object is locked skipped C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe/data.rar/service.exe Infected: Trojan.Win32.Agent.amg skipped C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe/data.rar/svchost.exe Infected: Backdoor.Win32.Iroffer.af skipped C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe/data.rar Infected: Backdoor.Win32.Iroffer.af skipped C:\System Volume 
Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe RarSFX: infected - 3 skipped C:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP27\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped 
C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP27\change.log Object is locked skipped D:\µTorrent\Temponary\The Simpsons Movie (2007) NOFEAR TS KvCD Jamgood(TUS Release)\The Simpsons Movie (2007) NOFEAR TS KvCD Jamgood(TUS Release).bin Object is locked skipped G:\Games\Need.For.Speed.Carbon.Collectors.Edition\rzr-nfsc\Razor1911\Keygen.exe Object is locked skipped G:\Miikka\Temponary\Adobe PhotoShop CS2.rar/Setup.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.q skipped G:\Miikka\Temponary\Adobe PhotoShop CS2.rar/Setup.exe Infected: Trojan-Downloader.NSIS.Agent.q skipped G:\Miikka\Temponary\Adobe PhotoShop CS2.rar RAR: infected - 2 skipped G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP11\A0003108.exe Object is locked skipped G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP11\A0003141.exe Object is locked skipped G:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP15\A0003545.exe Object is locked skipped G:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP15\A0003546.exe Object is locked skipped G:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP15\A0003547.exe Object is locked skipped G:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP27\change.log Object is locked skipped G:\System Volume Information\_restore{F094107F-8642-4A6B-894B-BDF3D9FAEA85}\RP14\A0006978.exe Object is locked skipped J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011367.exe Object is locked skipped J:\System Volume 
Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011417.exe Object is locked skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011427.exe Object is locked skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011595.exe Object is locked skipped J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013205.exe Object is locked skipped J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013211.exe Object is locked skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017911.exe Object is locked skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017921.exe Object is locked skipped J:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP27\change.log Object is locked skipped J:\System Volume Information\_restore{E5FD512E-C371-474A-9BDA-799C2EDF426D}\RP7\A0002262.exe Object is locked skipped Scan process completed. ------
BitDefender found about 12 different viruses and apparently removed them all, but I won't bother posting that log here because it came out as some weird code and it is about three times longer than the previous two put together. Could someone check the HJT log and maybe suggest a program I could still scan with?
Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop. Boot your computer into Safe Mode and choose your usual user account:
* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* A menu should appear next
* Choose Safe Mode from the menu.
* Create a folder of its own for the program, C:\SDFix, and move it there
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than normal because SDFix is cleaning the computer.
* Once the computer has started and the desktop has loaded, SDFix reports that the cleanup has been done, "Finished".
* Then press any key to close the script and load the shortcuts onto the desktop.
* Finally open the SDFix folder and copy & paste the contents of the file Report.txt into your thread, along with a new HJT log
^^ Was there maybe something wrong in your instructions? I typed the letter Y, pressed Enter, and nothing happened? I've been thinking of switching from that AVG antivirus program to BitDefender 8 Free. But does it have realtime protection? ''Virus scanning and removal On demand scanning - Powerful scan engines ensure detection and removal of all viruses in the wild every time you need it.'' That's the impression you get from that, I mean.
Start -> Run -> msconfig -> ^^ Tick the box ''startup in diagnostic mode'', isn't that it then?
At least from my BIOS, F8 doesn't open that menu. Are you really sure that diagnostic mode isn't the same as Safe Mode?
1. Download the removal tool from here and save it to your desktop http://sosvirus.changelog.fr/MSNFix.zip
2. Extract it into an MSNFix folder
3. Open the folder and run MSNFix.bat
4. Choose the language you want from the list shown in the window by typing one of the letters and press ENTER. E = English
5. Next type the letter R and press ENTER to start the virus scan.
6. After that press ENTER again to delete the files the tool found.
MSN_Fix 1.454 C:\Documents and Settings\Johtaja\Ty”p”yt„\MSNFix Scan done at ma 06.08.2007 - 0:29:46,17 By Johtaja normal mode ************************ Checking Files ... C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste* ************************ Checking Folders No Folders Found ************************ Deleting malware Files /!\ ... C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste* ************************ Registry Cleaning Others Files will be deleted after a reboot to normal mode ************************ Deleting malware Files /!\ ... C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste* [C:\WINDOWS\Samurize.scr] 24FE50950AB3DD3F1691A7B3B50CEC62 ************************ Suspect Files /!\ The detected files must be reviewed by a forum Helper before changes can be made [C:\WINDOWS\Samurize.scr] 24FE50950AB3DD3F1691A7B3B50CEC62 No files found The File and Registry deletions have been saved in ma 06.08.2007_ 9002014.zip ------------------------------------------------------------------------ Author : !aur3n7 Contact: http://www.changelog.fr ------------------------------------------------------------------------ --------------------------------------------- END ---------------------------------------------
I wonder if it's gone now?
Open HijackThis, check the following line(s) and press Fix checked; close other programs while you do it.
O21 - SSODL: printers - {BC68906F-47CC-48D4-881A-FC2A5F1A8AA1} - notiffy.dll (file missing)
Here are instructions on how to check them:
=======
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. (C:\ComboFix.txt) Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
ComboFix 07-08-04.3 - "Johtaja" 2007-08-07 14:44:17.1 [GMT 3:00] - NTFS Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.Tosi * Created a new restore point ((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 ))))))))))))))))))))))))))))))) 2007-08-07 14:43 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-03 12:06 <KANSIO> d-------- C:\Program Files\DHShutdown 2007-08-01 23:51 <KANSIO> d-------- C:\DOCUME~1\Johtaja\APPLIC~1\Opera 2007-07-31 22:22 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL 2007-07-31 14:51 <KANSIO> d-------- C:\Program Files\BSplayer 2007-07-31 01:31 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE 2007-07-31 01:03 <KANSIO> d-------- C:\Program Files\MediaPlayerClassic 2007-07-29 23:59 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-07-29 23:59 <KANSIO> d-------- C:\WINDOWS\BDOSCAN8 2007-07-27 23:15 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-07-27 23:15 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-07-27 23:14 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-07-27 23:14 <KANSIO> d-------- C:\WINDOWS\system32\AGEIA 2007-07-27 23:14 <KANSIO> d-------- C:\Program Files\AGEIA Technologies 2007-07-27 23:13 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2007-07-27 23:13 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2007-07-27 23:11 <KANSIO> d-------- C:\Program Files\Focus 2007-07-27 01:08 150,016 --a------ C:\WINDOWS\system32\Unzip32.dll 2007-07-27 01:08 <KANSIO> d-------- C:\Program Files\Bluetack 2007-07-25 23:05 0 --a------ C:\WINDOWS\nsreg.dat 2007-07-24 12:54 <KANSIO> d-------- C:\Program Files\B2BPOKER 2007-07-24 01:56 <KANSIO> d-------- C:\Program Files\Maxthon2 2007-07-23 08:45 <KANSIO> d-------- C:\Program Files\IE7Pro 2007-07-22 22:01 11,652 --ah----- C:\WINDOWS\system32\mlfcache.dat 2007-07-22 20:40 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-22 20:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-22 20:40 288,417 --a------ 
C:\WINDOWS\system32\SrchSTS.exe 2007-07-22 20:40 2,150 --a------ C:\WINDOWS\system32\tmp.reg 2007-07-20 16:54 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Screaming Bee 2007-07-20 16:53 <KANSIO> d-------- C:\Program Files\Common Files\Screaming Bee 2007-07-20 10:23 12,831,088 --------- C:\AVG7QT.DAT 2007-07-20 09:24 <KANSIO> d-------- C:\DOCUME~1\Johtaja\usernotes 2007-07-17 00:13 <KANSIO> d-------- C:\Program Files\Samurize (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-07 14:37 --------- d-------- C:\Boss - My Files\Application Data\DMCache 2007-08-06 09:24 --------- d-------- C:\Boss - My Files\Application Data\foobar2000 2007-08-06 01:49 --------- d-------- C:\Boss - My Files\Application Data\uTorrent 2007-08-06 00:23 --------- d--h----- C:\Boss - My Files\Application Data\.piratepornload 2007-08-05 17:10 --------- d-------- C:\Boss - My Files\Application Data\teamspeak2 2007-08-02 00:02 --------- d-------- C:\Program Files\Internet Download Manager 2007-08-01 23:32 --------- d-------- C:\Boss - My Files\Application Data\BSplayer 2007-08-01 12:31 10085 --a------ C:\WINDOWS\msvrc20.dll 2007-07-27 23:14 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-07-27 23:11 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-07-24 02:11 71202 --a------ C:\WINDOWS\system32\perfc00B.dat 2007-07-24 02:11 366824 --a------ C:\WINDOWS\system32\perfh00B.dat 2007-07-23 11:39 202160 --a------ C:\WINDOWS\system32\idmmbc.dll 2007-07-23 08:45 --------- d-------- C:\Boss - My Files\Application Data\IE7Pro 2007-07-01 17:19 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-07-01 16:26 --------- d-------- C:\Boss - My Files\Application Data\Ahead 2007-07-01 16:05 --------- d-------- C:\Program Files\Common Files\Ahead 2007-07-01 13:34 4 --a------ C:\WINDOWS\info147.sys 2007-07-01 13:04 --------- d-------- C:\Program Files\Common Files\Totem Shared 
2007-06-28 17:31 --------- d-------- C:\Boss - My Files\Application Data\Command & Conquer 3 Tiberium Wars 2007-06-28 17:31 --------- d-------- C:\Boss - My Files\Application Data\aignes 2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\vlc 2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\WinRAR 2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\TuneUp Software 2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\Opera 2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\Media Player Classic 2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\IDM 2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\Help 2007-06-25 02:22 1231 --a------ C:\WINDOWS\mozver.dat 2007-06-21 00:04 --------- d-------- C:\Program Files\VirusTotalUploader 2007-06-20 00:33 --------- d-------- C:\Program Files\IObit 2007-06-18 11:46 --------- d-------- C:\Program Files\Messenger 2007-06-18 02:40 --------- d-------- C:\Program Files\MSXML 4.0 2007-06-15 01:16 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-06-15 01:07 --------- d-------- C:\Program Files\Notepad2 2007-06-15 00:34 3026 --a------ C:\WINDOWS\system32\drivers\hwinterface.sys 2007-06-14 22:18 249317 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_7078.exe 2007-06-14 13:16 --------- d-------- C:\Program Files\Sygate 2007-06-14 13:02 --------- d-------- C:\Program Files\NVIDIA 2007-06-14 13:01 8 --a------ C:\DFIMB.DAT 2007-06-14 12:53 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-06-07 12:49 0 -ra------ C:\logwmemory.bin 2007-06-07 08:56 --------- d-------- C:\Program Files\Electronic Arts 2007-06-03 14:31 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-05-16 18:14 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 18:14 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 18:14 683520 --a--c--- 
C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 18:14 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 18:14 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll 2007-05-16 09:42 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe 2007-05-15 09:45 972336 --a------ C:\WINDOWS\UNNeroVision.exe 2007-05-13 18:38 0 -rahs---- C:\MSDOS.SYS 2007-05-13 18:38 0 -rahs---- C:\IO.SYS 2007-05-13 18:38 0 --a------ C:\CONFIG.SYS 2007-05-13 18:38 0 --a------ C:\AUTOEXEC.BAT --------- C:\Program Files\µTorrent ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Tweak UI"="TWEAKUI.CPL" [2000-06-18 14:03 C:\WINDOWS\system32\TWEAKUI.CPL] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-09-27 12:16] "SkyTel"="SkyTel.EXE" [2006-04-24 15:20 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-05-04 15:59 C:\WINDOWS\RTHDCPL.exe] "nwiz"="nwiz.exe" [2007-04-20 06:05 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 06:05] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 06:05] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-22 15:02] "Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-07-28 15:38] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoFind"=0 (0x0) "NoRun"=0 (0x0) "NoDesktop"=0 (0x0) "NoClose"=0 (0x0) "StartMenuLogOff"=0 (0x0) "HideClock"=0 (0x0) 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoResolveSearch"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoRecentDocsMenu"=01000000 "NoSMMyDocs"=01000000 "NoSMMyPictures"=01000000 R0 Teefer;Teefer for NT;C:\WINDOWS\system32\Drivers\Teefer.sys R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys R1 wpsdrvnt;wpsdrvnt;\??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys R2 atksgt;atksgt;C:\WINDOWS\system32\DRIVERS\atksgt.sys R2 lirsgt;lirsgt;C:\WINDOWS\system32\DRIVERS\lirsgt.sys R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs R2 wg3n;SyGate for NT, wg3n;C:\WINDOWS\system32\Drivers\wg3n.sys R2 wg4n;SyGate for NT, wg4n;C:\WINDOWS\system32\Drivers\wg4n.sys R2 wg5n;SyGate for NT, wg5n;C:\WINDOWS\system32\Drivers\wg5n.sys R2 wg6n;SyGate for NT, wg6n;C:\WINDOWS\system32\Drivers\wg6n.sys R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp Contents of the 'Scheduled Tasks' folder 2007-06-14 22:19:51 C:\WINDOWS\Tasks\1-Click Maintenance.job - D:\TuneUp Utilities 2007\SystemOptimizer.exe 2007-08-05 22:48:04 C:\WINDOWS\Tasks\shutdown -s.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-07 14:45:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2] "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT" scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" Completion time: 2007-08-07 14:45:31 --- E O F ---
- 1. I no longer had that ''O21 - SSODL: printers - {BC68906F-47CC-48D4-881A-FC2A5F1A8AA1} - notiffy.dll (file missing)'' in the HJT log
- 2. Does that BitDefender 8 Free program have real time protection?
The logs look good.. let's still make sure
Kaspersky online scanner
Scan your computer with Kaspersky Online Scanner
You will be asked whether you allow an ActiveX component from Kaspersky to be installed; click Yes.
* The program starts and begins downloading the latest definition files.
* When the scanner has been installed and the definitions downloaded, click Next.
* Now click the settings, Scan Settings
* Check in the settings that the following are selected:
  o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise choose Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
* Click OK
* Now, under the heading "select a target to scan", choose My Computer (Oma Tietokone)
* The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
* Now click the Save as Text button.
* Save the file to your desktop.
* Copy and paste the contents of the file into your next reply.
------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, August 08, 2007 1:00:04 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 7/08/2007 Kaspersky Anti-Virus database records: 376862 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ F:\ G:\ H:\ J:\ Scan Statistics: Total number of scanned objects: 117384 Number of viruses found: 8 Number of infected objects: 80 Number of suspicious objects: 0 Duration of the scan process: 02:08:50 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\Johtaja\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Sivuhistoria\History.IE5\MSHist012007080720070808\index.dat Object is locked skipped C:\Documents and Settings\Johtaja\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Johtaja\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Johtaja\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application 
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\logs\starwind.2007-08-07.14-38-48.log Object is locked skipped C:\Program Files\Bluetack\Blocklist Manager\Tools\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped C:\Program Files\Sygate\SPF\debug.log Object is locked skipped C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe/data.rar/service.exe Infected: Trojan.Win32.Agent.amg skipped C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe/data.rar/svchost.exe Infected: Backdoor.Win32.Iroffer.af skipped C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe/data.rar Infected: Backdoor.Win32.Iroffer.af skipped C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe RarSFX: infected - 3 skipped C:\System 
Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP4\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\mIRC\backup\backup.rar/mirc.exe Infected: 
not-a-virus:Client-IRC.Win32.mIRC.621 skipped D:\mIRC\backup\backup.rar RAR: infected - 1 skipped D:\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped D:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped D:\mIRC\mIRC.rar/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped D:\mIRC\mIRC.rar RAR: infected - 1 skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP17\A0014978.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped D:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP1\A0000212.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped D:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP4\change.log Object is locked skipped G:\Games\Need.For.Speed.Carbon.Collectors.Edition\rzr-nfsc\Razor1911\Keygen.exe Object is locked skipped G:\Miikka\Programs\mIRC-621\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped G:\Miikka\Programs\mIRC-621\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped G:\Miikka\Programs\mIRC-621\mirc621.exe NSIS: infected - 2 skipped G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows Activator/RockXP4.exe/data.rar/pwdump2/pwdump2.exe Infected: not-a-virusSWTool.Win32.PWDump.2 skipped G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows Activator/RockXP4.exe/data.rar/pwdump2/samdump.dll Infected: not-a-virusSWTool.Win32.PWDump.2 skipped G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows Activator/RockXP4.exe/data.rar/RockXP4_.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows Activator/RockXP4.exe/data.rar Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows 
Activator/RockXP4.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows.PatcherP5575987.rar/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows.PatcherP5575987.rar/keyfinder.exe/data.rar Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows.PatcherP5575987.rar/keyfinder.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows.PatcherP5575987.rar Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\Miikka\Programs\Windows XP Genuine.rar RAR: infected - 9 skipped G:\Miikka\Temponary\Adobe PhotoShop CS2.rar/Setup.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.q skipped G:\Miikka\Temponary\Adobe PhotoShop CS2.rar/Setup.exe Infected: Trojan-Downloader.NSIS.Agent.q skipped G:\Miikka\Temponary\Adobe PhotoShop CS2.rar RAR: infected - 2 skipped G:\Miikka\Temponary\BLMInstall277.exe/file31 Infected: not-a-virus:NetTool.Win32.Portscan.c skipped G:\Miikka\Temponary\BLMInstall277.exe Inno: infected - 1 skipped G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP9\A0001783.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP9\A0001783.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP9\A0001783.exe RarSFX: infected - 2 skipped G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP9\A0001783.exe PE_Patch.UPX: infected - 2 skipped G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP9\A0001786.exe Infected: 
not-a-virus:RiskTool.Win32.Reboot.f skipped G:\System Volume Information\_restore{AF813549-533A-4A7D-8E73-D872726D0B1E}\RP72\A0024541.exe/data.rar/xpkey.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\System Volume Information\_restore{AF813549-533A-4A7D-8E73-D872726D0B1E}\RP72\A0024541.exe/data.rar/officekey.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\System Volume Information\_restore{AF813549-533A-4A7D-8E73-D872726D0B1E}\RP72\A0024541.exe/data.rar Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\System Volume Information\_restore{AF813549-533A-4A7D-8E73-D872726D0B1E}\RP72\A0024541.exe RarSFX: infected - 3 skipped G:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP4\change.log Object is locked skipped G:\System Volume Information\_restore{F094107F-8642-4A6B-894B-BDF3D9FAEA85}\RP10\A0006332.exe/data.rar/xpkey.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\System Volume Information\_restore{F094107F-8642-4A6B-894B-BDF3D9FAEA85}\RP10\A0006332.exe/data.rar/officekey.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\System Volume Information\_restore{F094107F-8642-4A6B-894B-BDF3D9FAEA85}\RP10\A0006332.exe/data.rar Infected: not-a-virusSWTool.Win32.RAS.a skipped G:\System Volume Information\_restore{F094107F-8642-4A6B-894B-BDF3D9FAEA85}\RP10\A0006332.exe RarSFX: infected - 3 skipped J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011281.exe/data.rar/xpkey.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011281.exe/data.rar/officekey.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011281.exe/data.rar Infected: not-a-virusSWTool.Win32.RAS.a skipped J:\System Volume 
Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011281.exe RarSFX: infected - 3 skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011367.exe Object is locked skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011417.exe Object is locked skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011427.exe Object is locked skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011430.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011430.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011430.exe RarSFX: infected - 2 skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011430.exe PE_Patch.UPX: infected - 2 skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011506.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011577.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011577.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011577.exe NSIS: infected - 2 skipped J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011595.exe Object is locked skipped J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013205.exe Object is locked skipped J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013211.exe Object is locked 
skipped J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013290.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013339.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013339.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013339.exe NSIS: infected - 2 skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017714.exe/data.rar/officekey.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017714.exe/data.rar Infected: not-a-virusSWTool.Win32.RAS.a skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017714.exe RarSFX: infected - 2 skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017911.exe Object is locked skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017921.exe Object is locked skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017925.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017925.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017925.exe RarSFX: infected - 2 skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017925.exe PE_Patch.UPX: infected - 2 skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018002.exe Infected: 
not-a-virus:RiskTool.Win32.Reboot.f skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018058.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018058.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018058.exe NSIS: infected - 2 skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018134.exe/data.rar/xpkey.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018134.exe/data.rar/officekey.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018134.exe/data.rar Infected: not-a-virusSWTool.Win32.RAS.a skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018134.exe RarSFX: infected - 3 skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018150.exe/data.rar/pwdump2/pwdump2.exe Infected: not-a-virusSWTool.Win32.PWDump.2 skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018150.exe/data.rar/pwdump2/samdump.dll Infected: not-a-virusSWTool.Win32.PWDump.2 skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018150.exe/data.rar/RockXP4_.exe Infected: not-a-virusSWTool.Win32.RAS.a skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018150.exe/data.rar Infected: not-a-virusSWTool.Win32.RAS.a skipped J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018150.exe RarSFX: infected - 4 skipped J:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP4\change.log Object is locked skipped J:\System 
Volume Information\_restore{E5FD512E-C371-474A-9BDA-799C2EDF426D}\RP7\A0002262.exe Object is locked skipped
Scan process completed.

Would you happen to know of a program where you just enter a path and the program deletes that file/folder and makes a backup of it?
Yep.. there are certainly some of those.

Stay clean

-> Clear System Restore
Instructions
Empty the System Restore folder and create a new restore point. This cleans possible malware remnants out of the restore folder.

-> Use CCleaner
-> CCleaner
Download and install CCleaner. Clean temporary files and folders with the program regularly.

-> Install SpywareBlaster
-> SpywareBlaster
SpywareBlaster prevents malware from installing itself on your computer. It uses no memory! A guide is available in Finnish! Guide by the user Ad-Aware

-> Install the MVPS Hosts file
-> MVPS Hosts
Blocks your computer's connections to malicious sites. A guide is available in Finnish! Guide by the user Axel

-> Switch your browser to Firefox
-> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.

-> Keep your system up to date.
-> Windows Update
Visit Windows Update regularly.

-> Keep your firewall and antivirus up to date
Update your antivirus program and scan your computer with it regularly. escan is good too: http://koti.mbnet.fi/pattaya1/escanmwav.htm

-> Keep your software up to date.
-> Secunia Software Inspector
Secunia Software Inspector examines your system and software for missing security updates. A normal inspection usually takes 5-40 seconds, whereas a thorough one (thorough system inspection) can take several minutes.

-> Regularly follow the Finnish Communications Regulatory Authority's (Viestintävirasto) information on new vulnerabilities
-> CERT-FI

If you run into problems with malware in the future, don't hesitate to post a HijackThis log for checking!