HJT log: pop-ups being a nuisance

Discussion in 'Viruses and malware - HijackThis logs' started by Koina, Feb 9, 2008.

  1. Koina

    Koina Guest

    So the browser is Opera (default browser) and pop-ups keep jumping in my face constantly. I've run who knows how many removal programs and nothing has helped. A few examples... hxxp://hopelessromantic.com/pop.php, hxxp://url.adtrgt.com, hxxp://www.brandarama.com, hxxp:/click/?s=950&c=64975, which open in a new window at 1-minute intervals. I'm slowly starting to lose my nerves. If some kind soul could help. Thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:00:59, on 9.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Opera\Opera.exe
    C:\Documents and Settings\OMA NIMI\Työpöytä\install_flash_player.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    --
    End of file - 5013 bytes
     
  2. Hujo

    Hujo Guest

    Download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo option.
    When the scan is complete, click the Remove Vundo option.
    You will be asked whether you want to delete the files - click YES.
    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    When it is done, the fix will announce that it will restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log as well as a fresh HijackThis log.

    Note: It is possible that VundoFix found a file that it could not remove.
    In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo option." when VundoFix appears on restart.

    ============

    1. Download combofix.exe to your desktop from either of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool is finished, it will produce a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  3. Koina

    Koina Guest

    So here they are

    VundoFix V6.7.8

    Checking Java version...

    Scan started at 13:31:11 10.2.2008

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    ------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:47:23, on 10.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    --
    End of file - 4949 bytes
    ------------------------------

    ComboFix 08-02.05.3 - lazu 2008-02-10 14:51:27.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.203 [GMT 2:00]
    Running from: C:\Documents and Settings\lazu\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . poisto epäonnistui

    ----- BITS: Possible infected sites -----

    hxxp://www.download.windowsupdate.com
    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-10 to 2008-02-10 )))))))))))))))))
    .

    2008-02-10 13:31 . 2008-02-10 13:31 <KANSIO> d-------- C:\VundoFix Backups
    2008-02-09 09:18 . 2008-02-09 09:18 <KANSIO> d-------- C:\WINDOWS\system32\Macromed
    2008-02-09 03:00 . 2008-02-09 03:00 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-02-08 06:15 . 2008-02-10 08:00 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\AVG7
    2008-02-07 23:03 . 2008-02-07 23:03 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-02-07 23:03 . 2008-02-07 23:03 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-07 14:14 . 2008-02-07 14:14 <KANSIO> d-------- C:\Program Files\Sygate
    2008-02-07 14:14 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
    2008-02-07 14:14 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
    2008-02-07 14:14 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2008-02-07 14:14 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
    2008-02-07 14:14 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
    2008-02-07 14:14 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
    2008-02-07 14:14 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
    2008-02-07 14:12 . 2008-02-07 14:12 <KANSIO> d-------- C:\Program Files\Avira
    2008-02-07 14:12 . 2008-02-07 14:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-07 04:33 . 2008-02-07 04:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-02-07 04:30 . 2008-02-07 04:33 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-02-07 04:30 . 2008-02-07 04:30 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\Malwarebytes
    2008-02-07 01:25 . 2008-02-07 01:25 <KANSIO> d-------- C:\Program Files\URUSoft
    2008-02-07 01:16 . 2008-02-07 01:16 <KANSIO> d-------- C:\Program Files\Gabest
    2008-02-06 22:56 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-06 22:53 . 2008-02-06 22:56 <KANSIO> d-------- C:\Program Files\Java
    2008-02-06 22:53 . 2008-02-06 22:53 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-02-06 15:49 . 2008-02-06 15:49 101 --a------ C:\WINDOWS\wininit.ini
    2008-02-06 14:07 . 2008-02-06 14:08 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-06 14:07 . 2008-02-06 15:50 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-06 00:10 . 2008-02-07 14:57 <KANSIO> d-------- C:\Program Files\Opera
    2008-02-05 11:24 . 2008-02-08 06:20 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-02-04 15:33 . 2008-02-05 11:26 57 --a------ C:\WINDOWS\WinNetOptimize98ag.cfg
    2008-02-04 14:50 . 2008-02-04 14:50 <KANSIO> d-------- C:\Program Files\mIRC
    2008-02-04 14:50 . 2008-02-04 14:59 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\mIRC
    2008-01-30 14:26 . 2008-01-30 14:28 <KANSIO> d-------- C:\Documents and Settings\lazu\.housecall6.6
    2008-01-30 14:25 . 2008-01-30 14:25 <KANSIO> d-------- C:\WINDOWS\Sun
    2008-01-30 14:15 . 2008-01-30 14:24 671 --a------ C:\WINDOWS\mozver.dat
    2008-01-30 13:16 . 2008-01-30 13:23 888 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-30 11:06 . 2008-01-30 11:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-01-30 09:42 . 2008-01-30 09:42 <KANSIO> d-------- C:\Program Files\Windows Defender
    2008-01-28 12:28 . 2008-01-28 12:34 <KANSIO> d-------- C:\Program Files\Winamp
    2008-01-28 12:28 . 2008-01-28 12:34 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\Winamp
    2008-01-28 12:16 . 2008-01-28 12:17 <KANSIO> d-------- C:\Program Files\IrfanView
    2008-01-28 11:27 . 2008-01-28 11:27 <KANSIO> d-------- C:\Program Files\Combined Community Codec Pack
    2008-01-27 23:17 . 2008-01-27 23:17 <KANSIO> d-------- C:\Program Files\Foxit Software
    2008-01-27 22:24 . 2008-01-27 22:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-01-27 15:08 . 2008-01-27 15:08 0 --a------ C:\WINDOWS\nsreg.dat
    2008-01-27 14:31 . 2008-01-27 14:31 <KANSIO> d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-27 14:21 . 2008-01-27 14:21 <KANSIO> d-------- C:\WINDOWS\Web
    2008-01-27 14:12 . 2007-10-11 01:52 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-27 14:12 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-27 14:12 . 2007-07-01 05:36 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-27 14:12 . 2007-10-11 01:52 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-27 14:12 . 2007-10-11 01:52 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-27 14:12 . 2007-10-11 01:52 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-27 14:12 . 2007-10-11 01:52 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-27 14:12 . 2007-10-11 01:52 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-27 14:12 . 2007-10-10 12:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-27 14:11 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
    2008-01-27 06:13 . 2008-01-27 06:13 <KANSIO> d--hs---- C:\Documents and Settings\lazu\UserData
    2008-01-27 06:07 . 2008-02-05 22:45 <KANSIO> d-------- C:\Program Files\Google
    2008-01-27 05:28 . 2008-01-27 05:28 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\vlc
    2008-01-27 05:27 . 2008-01-27 05:27 <KANSIO> d-------- C:\Program Files\Dziobas Rar Player
    2008-01-27 05:14 . 2008-01-27 05:14 <KANSIO> d-------- C:\Program Files\VideoLAN
    2008-01-27 04:35 . 2008-01-27 04:35 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\Avant Profiles
    2008-01-27 04:04 . 2008-01-29 21:08 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot
    2008-01-27 02:15 . 2008-02-10 14:59 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\uTorrent
    2008-01-27 02:13 . 2008-01-27 02:13 <KANSIO> d-------- C:\Program Files\CCleaner

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-07 12:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-27 03:28 --------- d-----w C:\Documents and Settings\lazu\Application Data\vlc
    2008-01-27 01:58 --------- d-----w C:\Program Files\uTorrent
    2008-01-26 22:28 86,144 ----a-w C:\WINDOWS\system32\drivers\ipinipp.sys
    2008-01-26 22:28 167,545 ----a-w C:\WINDOWS\system32\drivers\core.cache.dsk
    2008-01-26 22:11 --------- d-----w C:\Program Files\microsoft frontpage
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-27 02:15 219952]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-06 22:53 68856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-07 17:37 249896]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-07 23:03 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 23:03 219136]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoCustomizeWebView"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    R1 ipinipp;ipinipp;C:\WINDOWS\system32\drivers\ipinipp.sys [2008-01-27 00:28]

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-02-04 13:33:03 C:\WINDOWS\Tasks\AdsGone.job"
    - C:\Program Files\AdsGone\AdsGone.exe
    "2008-02-09 23:48:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 14:59:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-10 15:02:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-10 13:01:47
    ComboFix2.txt 2008-02-06 21:58:44
    .
    2008-02-07 02:03:26 --- E O F ---
     
  4. Hujo

    Hujo Guest

    So you have both the AntiVir and AVG antivirus programs on the machine; which one are you using?


    =============

    Then do this in Safe Mode


    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript

    Then drag CFScript onto ComboFix.exe as shown below.
    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
    Last edited by a moderator: Feb 10, 2008
  5. Koina

    Koina Guest

    Heh, so there were indeed 2 antivirus programs... but here it is

    ComboFix 08-02.05.3 - lazu 2008-02-10 18:35:50.4 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.388 [GMT 2:00]
    Running from: C:\Documents and Settings\lazu\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\lazu\Työpöytä\CFScript

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\ipinipp.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_IPINIPP
    -------\ipinipp


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-01-10 to 2008-02-10 )))))))))))))))))
    .

    2008-02-10 18:23 . 2008-02-10 18:23 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-02-10 14:50 . 2004-09-14 16:12 390,656 --a------ C:\kmd.exe
    2008-02-10 13:31 . 2008-02-10 13:31 <KANSIO> d-------- C:\VundoFix Backups
    2008-02-09 09:18 . 2008-02-09 09:18 <KANSIO> d-------- C:\WINDOWS\system32\Macromed
    2008-02-09 03:00 . 2008-02-09 03:00 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-02-07 14:14 . 2008-02-07 14:14 <KANSIO> d-------- C:\Program Files\Sygate
    2008-02-07 14:14 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
    2008-02-07 14:14 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
    2008-02-07 14:14 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2008-02-07 14:14 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
    2008-02-07 14:14 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
    2008-02-07 14:14 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
    2008-02-07 14:14 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
    2008-02-07 14:12 . 2008-02-07 14:12 <KANSIO> d-------- C:\Program Files\Avira
    2008-02-07 14:12 . 2008-02-07 14:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-07 04:33 . 2008-02-07 04:33 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-02-07 04:30 . 2008-02-07 04:33 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-02-07 04:30 . 2008-02-07 04:30 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\Malwarebytes
    2008-02-07 01:25 . 2008-02-07 01:25 <KANSIO> d-------- C:\Program Files\URUSoft
    2008-02-07 01:16 . 2008-02-07 01:16 <KANSIO> d-------- C:\Program Files\Gabest
    2008-02-06 22:56 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-02-06 22:53 . 2008-02-06 22:56 <KANSIO> d-------- C:\Program Files\Java
    2008-02-06 22:53 . 2008-02-06 22:53 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-02-06 15:49 . 2008-02-06 15:49 101 --a------ C:\WINDOWS\wininit.ini
    2008-02-06 14:07 . 2008-02-06 14:08 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-06 14:07 . 2008-02-06 15:50 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-06 00:10 . 2008-02-07 14:57 <KANSIO> d-------- C:\Program Files\Opera
    2008-02-04 15:33 . 2008-02-05 11:26 57 --a------ C:\WINDOWS\WinNetOptimize98ag.cfg
    2008-02-04 14:50 . 2008-02-04 14:50 <KANSIO> d-------- C:\Program Files\mIRC
    2008-02-04 14:50 . 2008-02-04 14:59 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\mIRC
    2008-01-30 14:26 . 2008-01-30 14:28 <KANSIO> d-------- C:\Documents and Settings\lazu\.housecall6.6
    2008-01-30 14:25 . 2008-01-30 14:25 <KANSIO> d-------- C:\WINDOWS\Sun
    2008-01-30 14:15 . 2008-01-30 14:24 671 --a------ C:\WINDOWS\mozver.dat
    2008-01-30 13:16 . 2008-01-30 13:23 888 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-30 11:06 . 2008-01-30 11:06 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-01-30 09:42 . 2008-01-30 09:42 <KANSIO> d-------- C:\Program Files\Windows Defender
    2008-01-28 12:28 . 2008-01-28 12:34 <KANSIO> d-------- C:\Program Files\Winamp
    2008-01-28 12:28 . 2008-01-28 12:34 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\Winamp
    2008-01-28 12:16 . 2008-01-28 12:17 <KANSIO> d-------- C:\Program Files\IrfanView
    2008-01-28 11:27 . 2008-01-28 11:27 <KANSIO> d-------- C:\Program Files\Combined Community Codec Pack
    2008-01-27 23:17 . 2008-01-27 23:17 <KANSIO> d-------- C:\Program Files\Foxit Software
    2008-01-27 22:24 . 2008-01-27 22:24 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-01-27 15:08 . 2008-01-27 15:08 0 --a------ C:\WINDOWS\nsreg.dat
    2008-01-27 14:31 . 2008-01-27 14:31 <KANSIO> d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-27 14:21 . 2008-01-27 14:21 <KANSIO> d-------- C:\WINDOWS\Web
    2008-01-27 14:12 . 2007-10-11 01:52 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-27 14:12 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-27 14:12 . 2007-07-01 05:36 1,011,712 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-27 14:12 . 2007-10-11 01:52 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-27 14:12 . 2007-10-11 01:52 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-27 14:12 . 2007-10-11 01:52 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-27 14:12 . 2007-10-11 01:52 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-27 14:12 . 2007-10-11 01:52 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-27 14:12 . 2007-10-10 12:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-27 14:11 . 2008-01-27 14:13 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
    2008-01-27 06:13 . 2008-01-27 06:13 <KANSIO> d--hs---- C:\Documents and Settings\lazu\UserData
    2008-01-27 06:07 . 2008-02-05 22:45 <KANSIO> d-------- C:\Program Files\Google
    2008-01-27 05:28 . 2008-01-27 05:28 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\vlc
    2008-01-27 05:27 . 2008-01-27 05:27 <KANSIO> d-------- C:\Program Files\Dziobas Rar Player
    2008-01-27 05:14 . 2008-01-27 05:14 <KANSIO> d-------- C:\Program Files\VideoLAN
    2008-01-27 04:35 . 2008-01-27 04:35 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\Avant Profiles
    2008-01-27 04:04 . 2008-01-29 21:08 <KANSIO> d-------- C:\WINDOWS\system32\CatRoot
    2008-01-27 02:15 . 2008-02-10 18:40 <KANSIO> d-------- C:\Documents and Settings\lazu\Application Data\uTorrent
    2008-01-27 02:13 . 2008-01-27 02:13 <KANSIO> d-------- C:\Program Files\CCleaner

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-07 12:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-27 03:28 --------- d-----w C:\Documents and Settings\lazu\Application Data\vlc
    2008-01-27 01:58 --------- d-----w C:\Program Files\uTorrent
    2008-01-26 22:11 --------- d-----w C:\Program Files\microsoft frontpage
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-27 02:15 219952]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-06 22:53 68856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-07 17:37 249896]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoCustomizeWebView"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-02-04 13:33:03 C:\WINDOWS\Tasks\AdsGone.job"
    - C:\Program Files\AdsGone\AdsGone.exe
    "2008-02-10 16:39:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 18:40:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\wdfmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-10 18:42:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-10 16:41:55
    ComboFix2.txt 2008-02-10 13:02:08
    ComboFix3.txt 2008-02-06 21:58:44
    .
    2008-02-07 02:03:26 --- E O F ---
     
  6. Hujo

    Hujo Guest

    Scan a new HJT log.
     
  7. Koina

    Koina Guest

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:54:34, on 10.2.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    --
    End of file - 4228 bytes
     
  8. Hujo

    Hujo Guest

    You have two real-time monitors there:

    Windows Defender
    SpybotSD TeaTimer

    Remove one of them.

    =============

    Scan with HJT, tick the following entry and press Fix checked:

    O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)

    ==============

    Download RegSeeker.zip to the desktop:

    Extract the zip to the C:\RegSeeker\ folder. From there, start RegSeeker.exe.
    In the top-right corner there is a Languages.... link, from which you select Finnish.
    In the bottom-left corner, tick Luo varmuuskopio (Create backup) and then click the Puhdista rekisteri (Clean the registry) link.
    Tick every item except "Käyttökelvottomat..", then "OK" (wait a moment).
    A list of invalid registry entries appears on screen; from Valitse (Select) in the bottom bar,
    click Valitse kaikki (Select all), and the selected entries get a yellow background.
    From the Toiminnot (Actions) link in the bottom bar, click Poista valitut kohteet (Delete selected items).
    In the pop-up "Kaikki valitut kohteet poistetaan ?" (All selected items will be deleted?), answer "OK".
    In the next pop-up, "Varmuuskopiot" (Backups), answer "OK".
    Click Lopeta RegSeeker (Exit RegSeeker) on the left and restart your computer.

    =============

    Are the pop-ups still popping up?
     
    Last edited by a moderator: Feb 10, 2008
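
The two things flagged in the reply above (an O9 entry that points at "(no file)" and two real-time monitors starting together) can be checked mechanically over a HijackThis log. This is an added example, not part of the original post: the function names and the REALTIME_MONITORS list are assumptions made here, and the sample lines are copied from the log posted in this thread.

```python
import re

# Lines copied from the HijackThis v2.0.2 log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME = re.compile(r"Run: \[([^\]]+)\]")

# Assumption: only the two real-time monitors named in the reply above.
REALTIME_MONITORS = {"Windows Defender", "SpybotSD TeaTimer"}


def parse_entries(log):
    """Return one record per HijackThis entry line; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            clsid = CLSID.search(m.group(2))
            entries.append({"section": m.group(1), "body": m.group(2),
                            "clsid": clsid.group(0) if clsid else None})
    return entries


def orphaned(entries):
    """Entries whose registered file no longer exists: HijackThis prints '(no file)'."""
    return [e for e in entries if e["body"].endswith("(no file)")]


def overlapping_monitors(entries):
    """Autostart (O4) value names that match the known real-time monitors."""
    names = set()
    for e in entries:
        m = RUN_NAME.search(e["body"]) if e["section"] == "O4" else None
        if m and m.group(1) in REALTIME_MONITORS:
            names.add(m.group(1))
    return sorted(names)


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    for e in orphaned(found):
        print("orphaned:", e["section"], e["clsid"])
    print("real-time monitors at startup:", overlapping_monitors(found))
```
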
  9. Koina

    Koina Guest

    Thanks a lot for the instructions.... not a single one has come in at least 15 min. now, so the problem is solved. Thanks once again.
     
