Computer stutters/slows down (HJT log)

Discussion in 'Viruses and malware - HijackThis logs' started by Stanhek, Sep 17, 2007.

  1. Stanhek

    Stanhek Guest

    hjt log: Logfile of HijackThis v1.99.1
    Scan saved at 22:37:21, on 17.9.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [4 dog bin grim] C:\Documents and Settings\All Users\Application Data\second regs grim software\four pile live.exe
    O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\BODY EXIT.exe
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Log does] C:\DOCUME~1\HP_OMI~1\APPLIC~1\FORDAI~1\TonsDartCreative.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: D-Link Air Utility.lnk = C:\Program Files\D-Link\D-Link Air Utility\Utility.exe
    O4 - Global Startup: D-Link AirPlus DWL-120+ Wireless USB Adapter.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

    Thanks in advance for the help -Stanhek-
     
  2. Hujo

    Hujo Guest

    Uninstall via Add or Remove Programs:

    WhenUSave, WhenU

    Scan with HJT, check the following entries and press Fix checked:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [4 dog bin grim] C:\Documents and Settings\All Users\Application Data\second regs grim software\four pile live.exe
    O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\BODY EXIT.exe
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [Log does] C:\DOCUME~1\HP_OMI~1\APPLIC~1\FORDAI~1\TonsDartCreative.exe

    ==========================

    In Safe Mode, delete the folder

    C:\Program Files\Save

    =========================

    Download NoLop to your desktop from one of the following links...
    Link1
    Link2
    Link3

    1. Close all programs, because this step requires a restart.
    2. Double-click NoLop.exe to run it.
    3. Click the "Search and Destroy" button.
    <<Your computer will be scanned for infected files>>
    4. When the scan is complete, you will be asked to restart the computer if an infection is found. Click OK.
    5. Click the "REBOOT" button.
    6. NoLop should display a message. If it does not, double-click the program and it will finish. Post the contents of the C:\NoLop.log file along with a new HijackThis log.
    -- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). Then run the program again.

     
  3. Stanhek

    Stanhek Guest

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21:34, on 18.9.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Log does] C:\DOCUME~1\HP_OMI~1\APPLIC~1\FORDAI~1\TonsDartCreative.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: D-Link Air Utility.lnk = C:\Program Files\D-Link\D-Link Air Utility\Utility.exe
    O4 - Global Startup: D-Link AirPlus DWL-120+ Wireless USB Adapter.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe



    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\HP_Omistaja\Työpöytä
    [18.9.2007]
    [14:57:13]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\AADAA09591B5535D.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Downloaded Installations -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Dvd Shrink
    C:\Documents and Settings\All Users\Application Data\Hp
    C:\Documents and Settings\All Users\Application Data\Installations
    C:\Documents and Settings\All Users\Application Data\Installshield
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Pc Suite
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Second Regs Grim Software -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Setupreadmeeachonline
    C:\Documents and Settings\All Users\Application Data\Software Rule Flag Owns
    C:\Documents and Settings\All Users\Application Data\Sonic
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\Default User\Application Data\Apple Computer
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Default User\Application Data\Symantec -- EMPTY Directory
    C:\Documents and Settings\Hp_omistaja\Application Data\Adobe
    C:\Documents and Settings\Hp_omistaja\Application Data\Adobeum
    C:\Documents and Settings\Hp_omistaja\Application Data\Apple Computer
    C:\Documents and Settings\Hp_omistaja\Application Data\Bsplayer
    C:\Documents and Settings\Hp_omistaja\Application Data\Fordaimskip
    C:\Documents and Settings\Hp_omistaja\Application Data\Hpq
    C:\Documents and Settings\Hp_omistaja\Application Data\Identities
    C:\Documents and Settings\Hp_omistaja\Application Data\Intervideo
    C:\Documents and Settings\Hp_omistaja\Application Data\Leadertech
    C:\Documents and Settings\Hp_omistaja\Application Data\Locktime
    C:\Documents and Settings\Hp_omistaja\Application Data\Macromedia
    C:\Documents and Settings\Hp_omistaja\Application Data\Media Player Classic
    C:\Documents and Settings\Hp_omistaja\Application Data\Microgaming
    C:\Documents and Settings\Hp_omistaja\Application Data\Microsoft
    C:\Documents and Settings\Hp_omistaja\Application Data\Nokia
    C:\Documents and Settings\Hp_omistaja\Application Data\Opera
    C:\Documents and Settings\Hp_omistaja\Application Data\Pc Suite
    C:\Documents and Settings\Hp_omistaja\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Hp_omistaja\Application Data\Sonic
    C:\Documents and Settings\Hp_omistaja\Application Data\Sun
    C:\Documents and Settings\Hp_omistaja\Application Data\Symantec
    C:\Documents and Settings\Hp_omistaja\Application Data\Teamspeak2
    C:\Documents and Settings\Hp_omistaja\Application Data\Utorrent
    C:\Documents and Settings\Hp_omistaja\Application Data\Xfire
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Symantec
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Vieras\Application Data\Apple Computer
    C:\Documents and Settings\Vieras\Application Data\Hp
    C:\Documents and Settings\Vieras\Application Data\Identities
    C:\Documents and Settings\Vieras\Application Data\Intervideo
    C:\Documents and Settings\Vieras\Application Data\Macromedia
    C:\Documents and Settings\Vieras\Application Data\Media Player Classic
    C:\Documents and Settings\Vieras\Application Data\Microsoft
    C:\Documents and Settings\Vieras\Application Data\Nokia
    C:\Documents and Settings\Vieras\Application Data\Opera
    C:\Documents and Settings\Vieras\Application Data\Pc Suite
    C:\Documents and Settings\Vieras\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Vieras\Application Data\Sonic
    C:\Documents and Settings\Vieras\Application Data\Sun
    C:\Documents and Settings\Vieras\Application Data\Symantec -- EMPTY Directory
    C:\Documents and Settings\Vieras.matias\Application Data\Adobe
    C:\Documents and Settings\Vieras.matias\Application Data\Apple Computer
    C:\Documents and Settings\Vieras.matias\Application Data\Identities
    C:\Documents and Settings\Vieras.matias\Application Data\Locktime
    C:\Documents and Settings\Vieras.matias\Application Data\Macromedia
    C:\Documents and Settings\Vieras.matias\Application Data\Microsoft
    C:\Documents and Settings\Vieras.matias\Application Data\Opera
    C:\Documents and Settings\Vieras.matias\Application Data\Sampleview -- EMPTY Directory
    C:\Documents and Settings\Vieras.matias\Application Data\Symantec -- EMPTY Directory

     
  4. Hujo

    Hujo Guest

    Download Dr.Web CureIt to your desktop:

    Double-click drweb-cureit.exe and let it run the express scan.
    It scans the running programs, and if something is found, click Yes when it asks whether you want to remove it. This is only a short scan.
    When the scan is finished, mark the drives you want to scan.
    Select all drives. A red dot shows which drives are selected.
    Click the green arrow on the right and the scan starts.
    Click 'Yes to all' if you are asked whether you want to delete/move a file.
    When the scan is finished, see whether you can click the next icon beside the found files: [IMG]
    If so, click it, then click the next icon at the bottom right and select Move incurable, as in the picture below:
    [IMG]
    This moves it to the %userprofile%\DoctorWeb\quarantine directory.
    After this, click File in the Dr.Web CureIt menu and select Save report list.
    Save the report to the desktop. The report is named DrWeb.csv.
    Close Dr.Web CureIt.
    Restart the computer!! This is because files that are in use are deleted/moved during startup.
    After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.
     
  5. Stanhek

    Stanhek Guest

    tonsdartcreative.exe;c:\documents and settings\hp_omistaja\application data\fordaimskip;Trojan.Swizzor;Deleted.;
    STORE TEAM.exe;C:\Documents and Settings\All Users\Application Data\Setupreadmeeachonline;Trojan.Swizzor;Deleted.;
    Meal Cake.exe;C:\Documents and Settings\All Users\Application Data\Software rule flag owns;Trojan.Packed.149;Incurable.Will be moved after reboot.;
    csmrzbiw.exe;C:\Documents and Settings\HP_Omistaja\Application Data\FORDAIMSKIP;Trojan.Packed.149;Incurable.Moved.;
    gmenauok.exe;C:\Documents and Settings\HP_Omistaja\Application Data\FORDAIMSKIP;Trojan.Packed.149;Incurable.Moved.;
    holebagscake.exe;C:\Documents and Settings\HP_Omistaja\Application Data\FORDAIMSKIP;Trojan.Swizzor;Deleted.;
    holewebblah.exe;C:\Documents and Settings\HP_Omistaja\Application Data\FORDAIMSKIP;Trojan.Swizzor;Deleted.;
    noiiyxvb.exe;C:\Documents and Settings\HP_Omistaja\Application Data\FORDAIMSKIP;Trojan.Packed.149;Incurable.Moved.;
    toufiroz.exe;C:\Documents and Settings\HP_Omistaja\Application Data\FORDAIMSKIP;Trojan.Packed.149;Incurable.Moved.;
    zchwuvrt.exe;C:\Documents and Settings\HP_Omistaja\Application Data\FORDAIMSKIP;Trojan.Swizzor;Deleted.;
    bis141.exe;C:\Documents and Settings\HP_Omistaja\Local Settings\Temp;Trojan.Packed.149;Incurable.Moved.;
    sta17C.exe;C:\Documents and Settings\HP_Omistaja\Local Settings\Temp;Trojan.Swizzor;Deleted.;
    sta3DE.exe;C:\Documents and Settings\HP_Omistaja\Local Settings\Temp;Trojan.Packed.149;Incurable.Moved.;
    sta59F.exe;C:\Documents and Settings\HP_Omistaja\Local Settings\Temp;Trojan.Swizzor;Deleted.;
    sta5A0.exe;C:\Documents and Settings\HP_Omistaja\Local Settings\Temp;Trojan.Swizzor;Deleted.;
    KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
    mirc.exe;C:\mIRC;Program.mIRC.616;Incurable.Moved.;
    A0039979.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP177;Trojan.Packed.149;Incurable.Moved.;
    A0040002.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP177;Trojan.Packed.149;Incurable.Moved.;
    A0040004.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP177;Trojan.Swizzor;Deleted.;
    A0040024.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP178;Trojan.Packed.149;Incurable.Moved.;
    A0040026.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP178;Trojan.Swizzor;Deleted.;
    A0040049.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP179;Trojan.Swizzor;Deleted.;
    A0040079.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP180;Trojan.Packed.149;Incurable.Moved.;
    A0040085.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP180;Trojan.Swizzor;Deleted.;
    A0040096.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP181;Trojan.Packed.149;Incurable.Moved.;
    A0040098.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP181;Trojan.Swizzor;Deleted.;
    A0040101.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP182;Trojan.Packed.149;Incurable.Moved.;
    A0040108.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP182;Trojan.Swizzor;Deleted.;
    A0040127.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP182;Trojan.Packed.149;Incurable.Moved.;
    A0040129.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP182;Trojan.Swizzor;Deleted.;
    A0040161.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP183;Trojan.Packed.149;Incurable.Moved.;
    A0040163.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP183;Trojan.Swizzor;Deleted.;
    A0040171.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP184;Trojan.Swizzor;Deleted.;
    A0040184.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP184;Trojan.Packed.149;Incurable.Moved.;
    A0040186.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP184;Trojan.Swizzor;Deleted.;
    A0040207.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP185;Trojan.Swizzor;Deleted.;
    A0041186.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP186;Trojan.Packed.149;Incurable.Moved.;
    A0041188.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP186;Trojan.Swizzor;Deleted.;
    A0041220.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP187;Trojan.Swizzor;Deleted.;
    A0041228.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP188;Trojan.Swizzor;Deleted.;
    A0041229.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP188;Trojan.Packed.149;Incurable.Moved.;
    A0042273.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP189;Trojan.Packed.149;Incurable.Moved.;
    A0042321.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP190;Trojan.Packed.149;Incurable.Moved.;
    A0042354.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP191;Trojan.Packed.149;Incurable.Moved.;
    A0042451.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP191;Program.mIRC.616;Incurable.Moved.;
    A0043335.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP192;Trojan.Packed.149;Incurable.Moved.;
    A0043400.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP195;Trojan.Packed.149;Incurable.Moved.;
    A0043420.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP196;Trojan.Packed.149;Incurable.Moved.;
    A0043454.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP198;Trojan.Packed.149;Incurable.Moved.;
    A0044459.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP201;Trojan.Packed.149;Incurable.Moved.;
    A0044474.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP202;Trojan.Packed.149;Incurable.Moved.;
    A0044497.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP202;Trojan.Packed.149;Incurable.Moved.;
    A0044597.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP203;Trojan.Packed.149;Incurable.Moved.;
    A0044617.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP204;Trojan.Packed.149;Incurable.Moved.;
    A0044621.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP204;Program.mIRC.616;Incurable.Moved.;
    A0044730.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP205;Trojan.Packed.149;Incurable.Moved.;
    A0044865.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP209;Trojan.Packed.149;Incurable.Moved.;
    A0045862.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP210;Trojan.Packed.149;Incurable.Moved.;
    A0045910.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP214;Trojan.Swizzor;Deleted.;
    A0045911.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP214;Trojan.Packed.149;Incurable.Moved.;
    A0045912.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP214;Trojan.Packed.149;Incurable.Moved.;
    A0046863.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP214;Trojan.Packed.149;Incurable.Moved.;
    A0046903.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP215;Trojan.Packed.149;Incurable.Moved.;
    A0046917.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP215;Trojan.Packed.149;Incurable.Moved.;
    A0046930.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP215;Trojan.Packed.149;Incurable.Moved.;
    A0046931.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP215;Trojan.Swizzor;Deleted.;
    A0046932.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP215;Trojan.Swizzor;Deleted.;
    A0047916.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP215;Trojan.Packed.149;Incurable.Moved.;
    A0047951.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP216;Trojan.Packed.149;Incurable.Moved.;
    A0047967.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP216;Trojan.Packed.149;Incurable.Moved.;
    A0047975.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP216;Trojan.Swizzor;Deleted.;
    A0047976.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP216;Trojan.Swizzor;Deleted.;
    A0047977.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP216;Trojan.Packed.149;Incurable.Moved.;
    A0047978.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP216;Trojan.Packed.149;Incurable.Moved.;
    A0047979.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP216;Trojan.Swizzor;Deleted.;
    A0047980.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP216;Trojan.Swizzor;Deleted.;
    A0047981.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP216;Trojan.Packed.149;Incurable.Moved.;
    A0047982.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP216;Trojan.Packed.149;Incurable.Moved.;
    A0047983.exe;C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP216;Trojan.Swizzor;Deleted.;
    opr095T3.exe;C:\USERDATA\Application Data\Opera\Opera\profile\cache4;BackDoor.Funmaker;Incurable.Moved.;
    picture881.exe;C:\USERDATA\Application Data\Opera\Opera\profile\cache4\temporary_download;BackDoor.Funmaker;Incurable.Moved.;
    loadadv642.exe;C:\USERDATA\Työpöytä;Trojan.DownLoader.14617;Deleted.;
     
  6. Hujo

    Hujo Guest

    1. Click Start > right-click My Computer
    2. Select Properties
    3. Select the System Restore tab
    4. Tick the box ¤ Turn off System Restore on all drives
    5. Press Apply
    6. Press OK
    7. Shut down and restart
    8. Untick the box ¤ Turn off System Restore on all drives
    9. Apply and OK
     
