The computer keeps stalling....

Discussion in 'Viruses and malware - HijackThis logs' started by opaali, Jul 10, 2007.

  1. opaali

    opaali Member

    Joined:
    Sep 8, 2002
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    I have tried everything. Booted the computer into safe mode and ran a full scan following Symantec's instructions, as well as Symantec's own Trojan Vundo removal tool. It always finds some trojans, but more of them keep appearing anyway. Trojan Vundo, Trojan Horse and Trojan LowZones are found on the computer at regular intervals.

    What should I do??

    Log below.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:39:14, on 10.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\qfsknjma.dll",forkonce
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\yhywhore.exe (file missing)
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

    --
    End of file - 8588 bytes
     
  2. Auttaja

    Auttaja Guest

    Download VundoFix.exe to your desktop.
    *Double-click VundoFix.exe to run it.
    *Click the Scan for Vundo option.
    *When the scan is complete, click the Remove Vundo option.
    *You will be asked whether you want to delete the files - click YES.
    *Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    *When it is done, the fix will tell you to restart your computer; click OK.
    *Post the contents of the C:\vundofix.txt log


    Note: It is possible that VundoFix found a file it could not remove.
    In that case, VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo option." when VundoFix appears after the restart.

    ==========

    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool is done, it will produce a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.

    ==========

    Rename HijackThis.exe -> scanner.exe like this:
    1. Right-click the HijackThis icon.

    2. Select Rename.

    3. Type scanner.exe
    Renaming HJT lets us be sure whether your computer has a Vundo infection.

    4. Post a new HijackThis log
     
    Last edited by a moderator: Jul 10, 2007
  3. opaali

    opaali Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:32:13, on 11.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\acer\epm\epm-dm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Olli\Työpöytä\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {336CEBB5-30F7-49C8-9945-D88EEC0BB2A8} - (no file)
    O2 - BHO: (no name) - {39D137CC-C5D5-4FCB-85D1-9D475B580C79} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7398B40D-418F-4FD4-A6D3-276867017DAA} - C:\WINDOWS\system32\awtqn.dll (file missing)
    O2 - BHO: (no name) - {EF96621B-E510-4CCB-A85F-E99987D246E9} - (no file)
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O20 - Winlogon Notify: ddabc - C:\WINDOWS\system32\ddabc.dll (file missing)
    O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

    --
    End of file - 9063 bytes
     
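The two HijackThis logs above are read by eye in this thread; the script below is an added example (not part of the thread, and not code from HijackThis or Trend Micro) that parses HJT entry lines and flags the kinds of entries the helper is looking for. Its sample input is excerpted from the logs posted above; the triage heuristics (references to missing files, O20 Winlogon Notify entries, O23 services with no vendor, unnamed O2 BHOs, O4 Run entries that load a system32 DLL through rundll32) are this example's own review rules, meant to shortlist entries for a human to check, not to declare them malicious.

```python
import re

# Entry lines excerpted from the two HijackThis logs posted in this thread
# (plus two non-entry header lines to show that the parser skips them).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\qfsknjma.dll",forkonce
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7398B40D-418F-4FD4-A6D3-276867017DAA} - C:\WINDOWS\system32\awtqn.dll (file missing)
O20 - Winlogon Notify: ddabc - C:\WINDOWS\system32\ddabc.dll (file missing)
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\yhywhore.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
"""

# An HJT entry is "<section> - <body>", where section is R0..R3, F0..F3, N1..N4 or O1..O24.
ENTRY_RE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.+)$")
# rundll32 launching a DLL, with or without quotes around the path.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)


def parse_entries(text):
    """Return (section, body) tuples for every HJT entry line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """Shortlist entries worth a human look, with the reason(s) for each."""
    findings = []
    for section, body in parse_entries(text):
        reasons = []
        if "(file missing)" in body or "(no file)" in body:
            # Orphaned load points often remain after a partial cleanup.
            reasons.append("points at a file that is no longer present")
        if section == "O20":
            # Winlogon Notify DLLs load at logon; Vundo-era infections used this spot.
            reasons.append("Winlogon Notify entry")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service with no vendor information")
        if section == "O2" and "(no name)" in body:
            reasons.append("browser helper object without a name")
        m = RUNDLL_RE.search(body)
        if section == "O4" and m and "\\system32\\" in m.group("dll").lower():
            reasons.append("Run entry loads a system32 DLL via rundll32")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {'; '.join(reasons)}")
```

Running it on the excerpt lists five entries: the O4 rundll32 line from the first log, and the unnamed BHO, both Winlogon Notify entries and the DomainService service from the second; the Launch Manager, Adobe and Symantec lines pass through untouched.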
  4. opaali

    opaali Member

    "Olli" - 2007-07-11 0:08:49 - ComboFix 07-07-10.1 - Service Pack 2


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\ddabc.dll
    C:\WINDOWS\system32\cbadd.ini
    C:\WINDOWS\system32\nqstv.bak1
    C:\WINDOWS\system32\nqstv.bak2
    C:\WINDOWS\system32\nqstv.ini
    C:\WINDOWS\system32\nqstv.ini2
    C:\WINDOWS\system32\nqstv.tmp


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\winpop
    C:\WINDOWS\system32\0_exception.nls
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\scchk32.exe.bak
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NPF
    -------\LEGACY_RUNTIME
    -------\DomainService
    -------\NPF


    ((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))


    2007-07-11 00:08 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-10 14:34 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-07-06 16:21 <KANSIO> d-------- C:\Program Files\vso
    2007-07-04 18:15 23,040 --a------ C:\WINDOWS\system32\auth.dll
    2007-07-04 18:15 110,080 --a------ C:\WINDOWS\system32\nLame.dll
    2007-07-04 17:53 <KANSIO> d-------- C:\Program Files\bitRipper
    2007-07-04 11:34 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Omat tiedostot
    2007-07-04 10:52 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
    2007-07-04 10:40 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
    2007-07-04 10:39 <KANSIO> d-------- C:\Program Files\IVT Corporation
    2007-07-02 23:09 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
    2007-07-02 23:07 <KANSIO> d-------- C:\DOCUME~1\Olli\APPLIC~1\Publish Providers
    2007-07-02 23:06 <KANSIO> d-------- C:\DOCUME~1\Olli\APPLIC~1\Sony
    2007-07-02 18:23 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\APPLIC~1\Lavasoft
    2007-07-02 17:59 606,208 --a------ C:\DOCUME~1\JRJEST~1\NTUSER.DAT
    2007-07-02 17:59 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\Suosikit
    2007-07-02 17:59 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\Omat tiedostot
    2007-07-02 17:59 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\Käynnistä-valikko
    2007-07-02 17:59 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Verkkoympäristö
    2007-07-02 17:59 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Tulostinympäristö
    2007-07-02 17:59 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Mallit
    2007-07-02 17:59 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Työpöytä
    2007-07-02 17:38 <KANSIO> d-------- C:\Program Files\Vstplugins
    2007-07-02 17:37 <KANSIO> d-------- C:\Program Files\Sony
    2007-07-02 16:03 <KANSIO> d-------- C:\DOCUME~1\Olli\APPLIC~1\Sony Setup
    2007-07-02 16:02 <KANSIO> d-------- C:\Program Files\Sony Setup
    2007-07-01 19:19 <KANSIO> d-------- C:\DOCUME~1\Olli\APPLIC~1\Nokia Multimedia Player
    2007-06-28 18:46 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-06-28 18:46 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-06-28 18:46 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-06-28 18:46 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-06-28 18:46 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-06-28 18:46 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2007-06-28 18:46 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2007-06-28 18:44 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2007-06-28 18:44 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
    2007-06-28 18:44 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
    2007-06-28 18:44 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
    2007-06-27 21:59 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-06-26 21:58 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-06-25 19:41 <KANSIO> d-------- C:\VundoFix Backups
    2007-06-22 13:07 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-06-22 13:07 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-06-22 13:06 <KANSIO> d-------- C:\Program Files\Symantec Client Security
    2007-06-22 13:06 <KANSIO> d-------- C:\Program Files\Symantec
    2007-06-22 13:06 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-06-22 12:17 <KANSIO> d-------- C:\WINDOWS\system32\qkchukoe
    2007-06-21 22:33 90,112 --a------ C:\WINDOWS\unvise32.exe
    2007-06-21 22:10 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
    2007-06-21 22:09 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
    2007-06-21 22:07 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
    2007-06-21 22:07 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
    2007-06-21 22:07 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
    2007-06-21 22:07 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
    2007-06-21 22:07 344,064 --a------ C:\WINDOWS\system32\MSVCR70.DLL
    2007-06-21 22:05 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio
    2007-06-21 22:01 <KANSIO> d-------- C:\Program Files\Pinnacle
    2007-06-21 20:01 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Suosikit
    2007-06-21 19:47 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    2007-06-21 19:46 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
    2007-06-19 21:37 <KANSIO> d-------- C:\Program Files\Boilsoft MOV Converter
    2007-06-18 20:54 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2007-06-18 20:54 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2007-06-18 20:52 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2007-06-18 20:50 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2007-06-18 20:50 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2007-06-18 20:50 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2007-06-18 20:50 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2007-06-18 20:49 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-10 21:15:12 40 ----a-w C:\WINDOWS\system32\profile.dat
    2007-07-10 21:06:01 72,274 ----a-w C:\WINDOWS\system32\perfc00B.dat
    2007-07-10 21:06:01 368,606 ----a-w C:\WINDOWS\system32\perfh00B.dat
    2007-07-10 20:09:23 -------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-07-09 14:12:18 -------- d-----w C:\Program Files\nordicbetMPP
    2007-07-09 12:37:54 -------- d-----w C:\DOCUME~1\Olli\APPLIC~1\Azureus
    2007-07-07 06:44:53 -------- d-----w C:\Program Files\PartyGaming
    2007-07-06 08:23:01 -------- d-----w C:\Program Files\DC++
    2007-07-04 08:19:11 -------- d-----w C:\DOCUME~1\Olli\APPLIC~1\Nokia
    2007-07-03 19:44:19 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-22 10:03:25 -------- d-----w C:\DOCUME~1\Olli\APPLIC~1\AdobeUM
    2007-06-21 19:10:02 139 ----a-w C:\AUTOEXEC.BAT
    2007-06-18 17:54:58 -------- d-----w C:\Program Files\DIFX
    2007-06-18 17:54:08 -------- d-----w C:\Program Files\Nokia
    2007-06-09 18:55:24 -------- d-----w C:\Program Files\TVUPlayer
    2007-06-09 18:55:12 -------- d-----w C:\DOCUME~1\Olli\APPLIC~1\TVU Networks
    2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-11 18:22:58 -------- d-----w C:\DOCUME~1\Olli\APPLIC~1\VersionTracker Pro
    2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336CEBB5-30F7-49C8-9945-D88EEC0BB2A8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D137CC-C5D5-4FCB-85D1-9D475B580C79}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7398B40D-418F-4FD4-A6D3-276867017DAA}]
    C:\WINDOWS\system32\awtqn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF96621B-E510-4CCB-A85F-E99987D246E9}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 17:26]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14]
    "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-06-15 01:40]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 11:43]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-10 14:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabc]
    C:\WINDOWS\system32\ddabc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32]
    winccf32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^VersionTracker Pro.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\VersionTracker Pro.lnk
    backup=C:\WINDOWS\pss\VersionTracker Pro.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "D:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
    C:\Program Files\Pinnacle\Studio 9\LaunchList.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    D:\Ohjelmat\PowerIso\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    D:\Ohjelmat\WinAmp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide


    Contents of the 'Scheduled Tasks' folder
    2007-07-10 21:19:56 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-11 00:17:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-11 0:21:33 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-11 00:20

    --- E O F ---



    Beginning removal...

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 19:41:49 25.6.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtsq.dll
    C:\WINDOWS\system32\qstwa.bak1
    C:\WINDOWS\system32\qstwa.bak2
    C:\WINDOWS\system32\qstwa.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtsq.dll
    C:\WINDOWS\system32\awtsq.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\qstwa.bak1
    C:\WINDOWS\system32\qstwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qstwa.bak2
    C:\WINDOWS\system32\qstwa.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qstwa.ini
    C:\WINDOWS\system32\qstwa.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtsq.dll
    C:\WINDOWS\system32\awtsq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
     
  5. Auttaja (Guest)


    Hi, you have Norton Internet Security and AVG7; only one antivirus per machine, so which one are you using?


    ===========

    Open Notepad and copy/paste the text from the quote box below into it:

    Save it as CFScript

    Then drag CFScript onto ComboFix.exe.

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    ========

    Rename HijackThis.exe -> scanner.exe like this:
    1. Right-click the HijackThis icon.

    2. Select Rename.

    3. Type scanner.exe

    By renaming HJT we can tell for sure whether your machine has a Vundo infection.

    4. Post a new HijackThis log
     
    Last edited by a moderator: Jul 10, 2007
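    The loading points in the ComboFix log above (a BHO pointing to C:\WINDOWS\system32\awtqn.dll with no vendor information, and Winlogon\Notify subkeys loading ddabc.dll and winccf32.dll) together with the VundoFix output (awtsq.dll next to qstwa.ini and qstwa.bak*, the DLL name spelled backwards, with the first deletion attempt failing because the DLL was in use) are the classic Vundo fingerprint, and the helper's renaming request relies on Vundo variants recognizing HijackThis by its file name. As an added example that is not part of this thread or of any tool mentioned in it, the Python script below scans ComboFix/HijackThis log text for exactly those three indicators. The sample log is constructed from the entries quoted above, and the allowlist of default Winlogon\Notify subkeys is an assumption for a stock XP SP2 install.

```python
"""Triage helper: flag Vundo-style loading points in ComboFix / HijackThis log text.

Added example for this thread; not part of ComboFix, VundoFix or HijackThis.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Stock Windows XP Winlogon\Notify subkeys. Assumption: this covers a clean
# XP SP2 install only; OEM hooks (graphics-driver event handlers and the like)
# must be added before running this against a real machine's log.
XP_DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

BHO_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\}\]$", re.I)
NOTIFY_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\([^\\\]]+)\]$", re.I)
# A drive-letter path ending in one of the extensions Vundo uses for its files.
PATH_RE = re.compile(r'([A-Za-z]:\\[^\r\n"]*?\.(?:dll|ini|bak\d*|exe))\b', re.I)
BARE_DLL_RE = re.compile(r"^([A-Za-z0-9_]+\.dll)$", re.I)

# Constructed sample: excerpts modelled on the ComboFix "Reg Loading Points"
# and VundoFix output posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7398B40D-418F-4FD4-A6D3-276867017DAA}]
C:\WINDOWS\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabc]
C:\WINDOWS\system32\ddabc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32]
winccf32.dll

C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak2
C:\WINDOWS\system32\qstwa.ini
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # bho_in_system32 | winlogon_notify | reversed_companion
    path: str    # file or registry value the finding points at
    reason: str


def _filename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def _stem(name: str) -> str:
    return name.rsplit(".", 1)[0].lower()


def scan_log(text: str) -> list[Finding]:
    """Return the Vundo-style indicators found in a ComboFix/HJT log excerpt."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings: list[Finding] = []

    # Every file name mentioned anywhere in the log: the reversed-name check
    # must see the DLL and its .ini/.bak companions whatever section lists them.
    names: set[str] = set()
    for ln in lines:
        names.update(_filename(p).lower() for p in PATH_RE.findall(ln))
        m = BARE_DLL_RE.match(ln)
        if m:
            names.add(m.group(1).lower())

    for i, ln in enumerate(lines):
        value = lines[i + 1] if i + 1 < len(lines) else ""
        if BHO_KEY.match(ln):
            # Vundo registers its BHO as <random>.dll directly in system32;
            # legitimate BHOs almost always live under Program Files.
            for p in PATH_RE.findall(value):
                if "\\system32\\" in p.lower():
                    findings.append(Finding(
                        "bho_in_system32", p, "BHO DLL loaded straight from system32"))
            continue
        m = NOTIFY_KEY.match(ln)
        if m and m.group(1).lower() not in XP_DEFAULT_NOTIFY:
            # A Winlogon\Notify DLL is mapped into winlogon.exe at logon, so it is
            # in use and cannot be deleted by a normal scanner - matching the first
            # "Could not be deleted" attempt in the VundoFix log.
            findings.append(Finding(
                "winlogon_notify", value or m.group(1),
                f"non-default Winlogon\\Notify subkey '{m.group(1)}'"))

    # Vundo's trademark: .ini/.bak files named with the DLL's name spelled
    # backwards (awtsq.dll <-> qstwa.ini in the VundoFix output above).
    for dll in sorted(n for n in names if n.endswith(".dll")):
        reversed_stem = _stem(dll)[::-1]
        companions = sorted(n for n in names if n != dll and _stem(n) == reversed_stem)
        if companions:
            findings.append(Finding(
                "reversed_companion", dll,
                "companion files " + ", ".join(companions)
                + " are the DLL name spelled backwards"))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.kind:20} {f.path:45} {f.reason}")
```

    Run it as-is to see the four findings from the sample, or pass the text of a real ComboFix.txt to scan_log(). The findings are indicators, not verdicts: a non-default Winlogon\Notify entry installed by OEM software is normal, so extend XP_DEFAULT_NOTIFY before trusting that check on a machine you have not seen before.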
  6. opaali

    Command switches used :: C:\Documents and Settings\Olli\Työpöytä\CFScript.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\qkchukoe
    C:\WINDOWS\system32\qkchukoe\bg1.gif
    C:\WINDOWS\system32\qkchukoe\bgtop.gif
    C:\WINDOWS\system32\qkchukoe\bottom1.gif
    C:\WINDOWS\system32\qkchukoe\essentials.gif
    C:\WINDOWS\system32\qkchukoe\icon1.ico
    C:\WINDOWS\system32\qkchukoe\install1.gif
    C:\WINDOWS\system32\qkchukoe\left1.gif
    C:\WINDOWS\system32\qkchukoe\li.gif
    C:\WINDOWS\system32\qkchukoe\logo.gif
    C:\WINDOWS\system32\qkchukoe\main.htm
    C:\WINDOWS\system32\qkchukoe\mainframe.htm
    C:\WINDOWS\system32\qkchukoe\qkchukoe1.exe
    C:\WINDOWS\system32\qkchukoe\qkchukoe3.exe
    C:\WINDOWS\system32\qkchukoe\reinstall1.gif
    C:\WINDOWS\system32\qkchukoe\right1.gif
    C:\WINDOWS\system32\qkchukoe\s1.htm
    C:\WINDOWS\system32\qkchukoe\s2.htm
    C:\WINDOWS\system32\qkchukoe\s3.htm
    C:\WINDOWS\system32\qkchukoe\SMTop1.gif
    C:\WINDOWS\system32\qkchukoe\SMTop2.gif
    C:\WINDOWS\system32\qkchukoe\SMTop3.gif
    C:\WINDOWS\system32\qkchukoe\SMTop4.gif
    C:\WINDOWS\system32\qkchukoe\soft1_off.gif
    C:\WINDOWS\system32\qkchukoe\soft1_off_ext.gif
    C:\WINDOWS\system32\qkchukoe\soft1_on.gif
    C:\WINDOWS\system32\qkchukoe\soft1_on_ext.gif
    C:\WINDOWS\system32\qkchukoe\soft2_off.gif
    C:\WINDOWS\system32\qkchukoe\soft2_off_ext.gif
    C:\WINDOWS\system32\qkchukoe\soft2_on.gif
    C:\WINDOWS\system32\qkchukoe\soft2_on_ext.gif
    C:\WINDOWS\system32\qkchukoe\soft3_off.gif
    C:\WINDOWS\system32\qkchukoe\soft3_off_ext.gif
    C:\WINDOWS\system32\qkchukoe\soft3_on.gif
    C:\WINDOWS\system32\qkchukoe\soft3_on_ext.gif
    C:\WINDOWS\system32\qkchukoe\softbottom_off.gif
    C:\WINDOWS\system32\qkchukoe\softbottom_on.gif
    C:\WINDOWS\system32\qkchukoe\softleft_off.gif
    C:\WINDOWS\system32\qkchukoe\softleft_on.gif
    C:\WINDOWS\system32\qkchukoe\top1.gif
    C:\WINDOWS\system32\qkchukoe\top2.gif
    C:\WINDOWS\system32\qkchukoe\turnoff1.gif
    C:\WINDOWS\system32\qkchukoe\turnon1.gif


    ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


    2007-07-13 11:11 <KANSIO> d-------- C:\WINDOWS\LastGood
    2007-07-11 00:08 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-10 14:34 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-07-06 16:21 <KANSIO> d-------- C:\Program Files\vso
    2007-07-04 18:15 23,040 --a------ C:\WINDOWS\system32\auth.dll
    2007-07-04 18:15 110,080 --a------ C:\WINDOWS\system32\nLame.dll
    2007-07-04 17:53 <KANSIO> d-------- C:\Program Files\bitRipper
    2007-07-04 11:34 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Omat tiedostot
    2007-07-04 10:52 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
    2007-07-04 10:40 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
    2007-07-04 10:39 <KANSIO> d-------- C:\Program Files\IVT Corporation
    2007-07-02 23:09 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
    2007-07-02 23:07 <KANSIO> d-------- C:\DOCUME~1\Olli\APPLIC~1\Publish Providers
    2007-07-02 23:06 <KANSIO> d-------- C:\DOCUME~1\Olli\APPLIC~1\Sony
    2007-07-02 18:23 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\APPLIC~1\Lavasoft
    2007-07-02 17:59 606,208 --a------ C:\DOCUME~1\JRJEST~1\NTUSER.DAT
    2007-07-02 17:59 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\Suosikit
    2007-07-02 17:59 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\Omat tiedostot
    2007-07-02 17:59 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\Käynnistä-valikko
    2007-07-02 17:59 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Verkkoympäristö
    2007-07-02 17:59 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Tulostinympäristö
    2007-07-02 17:59 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Mallit
    2007-07-02 17:59 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Työpöytä
    2007-07-02 17:38 <KANSIO> d-------- C:\Program Files\Vstplugins
    2007-07-02 17:37 <KANSIO> d-------- C:\Program Files\Sony
    2007-07-02 16:03 <KANSIO> d-------- C:\DOCUME~1\Olli\APPLIC~1\Sony Setup
    2007-07-02 16:02 <KANSIO> d-------- C:\Program Files\Sony Setup
    2007-07-01 19:19 <KANSIO> d-------- C:\DOCUME~1\Olli\APPLIC~1\Nokia Multimedia Player
    2007-06-28 18:46 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-06-28 18:46 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-06-28 18:46 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-06-28 18:46 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-06-28 18:46 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-06-28 18:46 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2007-06-28 18:46 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2007-06-28 18:44 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2007-06-28 18:44 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
    2007-06-28 18:44 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
    2007-06-28 18:44 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
    2007-06-27 21:59 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-06-26 21:58 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-06-25 19:41 <KANSIO> d-------- C:\VundoFix Backups
    2007-06-22 13:07 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-06-22 13:07 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-06-22 13:06 <KANSIO> d-------- C:\Program Files\Symantec Client Security
    2007-06-22 13:06 <KANSIO> d-------- C:\Program Files\Symantec
    2007-06-22 13:06 <KANSIO> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-06-21 22:33 90,112 --a------ C:\WINDOWS\unvise32.exe
    2007-06-21 22:10 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
    2007-06-21 22:09 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
    2007-06-21 22:07 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
    2007-06-21 22:07 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
    2007-06-21 22:07 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
    2007-06-21 22:07 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
    2007-06-21 22:07 344,064 --a------ C:\WINDOWS\system32\MSVCR70.DLL
    2007-06-21 22:05 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio
    2007-06-21 22:01 <KANSIO> d-------- C:\Program Files\Pinnacle
    2007-06-21 20:01 <KANSIO> dr------- C:\DOCUME~1\LOCALS~1\Suosikit
    2007-06-21 19:47 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    2007-06-21 19:46 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
    2007-06-19 21:37 <KANSIO> d-------- C:\Program Files\Boilsoft MOV Converter
    2007-06-18 20:54 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2007-06-18 20:54 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2007-06-18 20:52 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2007-06-18 20:50 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2007-06-18 20:50 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2007-06-18 20:50 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2007-06-18 20:50 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2007-06-18 20:49 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-13 08:09:18 72,274 ----a-w C:\WINDOWS\system32\perfc00B.dat
    2007-07-13 08:09:18 368,606 ----a-w C:\WINDOWS\system32\perfh00B.dat
    2007-07-13 08:06:44 -------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-07-13 08:02:00 40 ----a-w C:\WINDOWS\system32\profile.dat
    2007-07-09 14:12:18 -------- d-----w C:\Program Files\nordicbetMPP
    2007-07-09 12:37:54 -------- d-----w C:\DOCUME~1\Olli\APPLIC~1\Azureus
    2007-07-07 06:44:53 -------- d-----w C:\Program Files\PartyGaming
    2007-07-06 08:23:01 -------- d-----w C:\Program Files\DC++
    2007-07-04 08:19:11 -------- d-----w C:\DOCUME~1\Olli\APPLIC~1\Nokia
    2007-07-03 19:44:19 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-22 10:03:25 -------- d-----w C:\DOCUME~1\Olli\APPLIC~1\AdobeUM
    2007-06-21 19:10:02 139 ----a-w C:\AUTOEXEC.BAT
    2007-06-18 17:54:58 -------- d-----w C:\Program Files\DIFX
    2007-06-18 17:54:08 -------- d-----w C:\Program Files\Nokia
    2007-06-09 18:55:24 -------- d-----w C:\Program Files\TVUPlayer
    2007-06-09 18:55:12 -------- d-----w C:\DOCUME~1\Olli\APPLIC~1\TVU Networks
    2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 17:26]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14]
    "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-06-15 01:40]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 11:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^VersionTracker Pro.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\VersionTracker Pro.lnk
    backup=C:\WINDOWS\pss\VersionTracker Pro.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "D:\Ohjelmat\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
    C:\Program Files\Pinnacle\Studio 9\LaunchList.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    D:\Ohjelmat\PowerIso\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    D:\Ohjelmat\WinAmp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide


    Contents of the 'Scheduled Tasks' folder
    2007-07-13 08:06:53 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-13 11:16:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-13 11:16:46
    C:\ComboFix-quarantined-files.txt ... 2007-07-13 11:16
    C:\ComboFix2.txt ... 2007-07-11 00:21

    --- E O F ---
     
  7. opaali

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:28:31, on 13.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Olli\Työpöytä\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

    --
    End of file - 8021 bytes
     
  8. Auttaja (Guest)

    Tarkista koneesi Panda Online Skannerilla:

    Panda ActiveScan

    [*] Kun olet Pandan sivulla, klikkaa Scan your PC-painiketta
    [*]Uusi ikkuna aukeaa...klikkaa Check Now-painiketta
    [*]Valitse maa, Country
    [*]Syötä kaupunki, State/Province
    [*]Syötä sähköpostiosoitteesi, e-mail address ja klikkaa send-painiketta
    [*]Valitse joko kotikäyttäjä Home User tai yritys Company
    [*]Klikkaa suurta Scan Now-painiketta
    [*]Jos ActiveX-komponentin asentamista kysytään, salli se.
    [*]Tarvittavien tiedostojen lataaminen alkaa (Huom: Tämä vaihe voi viedä muutamia minuutteja)
    [*]Kun lataukset ovat valmiit, klikkaa Local Disks aloittaaksesi skannauksen
    [*]Kun skannaus on valmis, klikkaa See Report-painiketta jos infektioita löytyi. Klikkaa sitten Save Report ja tallenna raportti johonkin sopivaan sijaintiin (esim työpöydälle).

    Liitä Pandan skannausraportin sisältö vastaukseesi uuden HijackThis-lokin kera.

    ==========

    Tämä jos tunnet tietokoneesi olevan hitaan puoleinen, etkä ole eheyttänyt pitkään aikaan:

    Avaa Oma tietokone
    -> Tee seuraava toimenpide kaikille Paikallisille levyille
    [​IMG]

    ==========

    Lataa CCleaner ja asenna se:
    Avaa "Options", sieltä "Language" ja valitse "Suomi (Finnish)"

    Avaa "Virheet" kohta, paina "Etsi rekisterin virheitä", paina "Korjaa valitut rekisterin virheet..". Paina "Kyllä", kun ohjelma kysyy "Haluatko varmuuskopioida muutokset rekisteriin", tallenna tiedosto esim. työpöydälle.

    Avaa "Puhdistaja", paina "Tutki" ja tämän jälkeen "Aja Ccleaner". Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.

    ==========

    If you do not have this Java version (6.2): Old Java easily gets your computer infected!

    Java update and cache clearing:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your old Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them:
    3. Select all your old Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp
    or http://www.filehippo.com/download_java_runtime/

    Scroll down to Java Runtime Environment (JRE) 6u2

    Click Download

    Tick Accept, choose the offline installation, save it e.g. to the desktop and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) lower and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after reducing the setting, move the slider higher.)

    8. Make sure that both options are ticked:

    *Applications and Applets

    *Trace and Log Files

    And click the OK button

    9. Click OK in your "Temporary Files Settings" window.

    10. Click OK to leave your Java settings window.

    ==========

    A new HijackThis log and the Panda report
     
  9. opaali

    opaali Member

    Joined:
    Sep 8, 2002
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    Panda log:

    Incident Status Location

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Olli\Cookies\olli@doubleclick[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Olli\Cookies\olli@mediaplex[1].txt


    _____________________________________________________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:05:29, on 13.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Olli\Työpöytä\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

    --
    End of file - 8646 bytes
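As an added example, not part of the thread and not a tool the helper used, here is a small Python triage script for HijackThis-format logs like the two posted above. It parses the R/O lines and surfaces the entries a human helper typically inspects first: references to files that no longer exist ("(no file)"), O23 services whose publisher is "Unknown owner", O16 ActiveX downloads from hosts outside an allow-list, and O4 autorun entries that either have no full path or run from outside the Windows and Program Files directories. The sample lines are a constructed subset modelled on this log; the rules, the trusted-directory list and the `allowed_dpf_hosts` parameter are assumptions, and a hit means "look at this by hand", not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: a subset of lines in HijackThis v2 format, modelled on
# the log posted in the thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
"""

# "O4 - <body>", "R3 - <body>", ... ; HijackThis uses R, F and O sections.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# First Windows path ending in a binary extension; 8.3 names such as
# C:\PROGRA~1 are accepted because HijackThis prints them that way.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|cab))"?', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")

# Assumption: directories we treat as the normal home of autorun binaries.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]
    url: Optional[str]


@dataclass
class Finding:
    section: str
    reason: str
    body: str


def parse_hjt(text: str) -> List[Entry]:
    """Turn the R/F/O lines of a HijackThis log into Entry records."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        body = m.group("body")
        path_m = PATH_RE.search(body)
        url_m = URL_RE.search(body)
        entries.append(Entry(m.group("section"), body,
                             path_m.group(1) if path_m else None,
                             url_m.group(0) if url_m else None))
    return entries


def triage(entries: List[Entry], allowed_dpf_hosts=frozenset()) -> List[Finding]:
    """Apply review heuristics; every hit is a 'check by hand' item, not a verdict."""
    findings = []
    for e in entries:
        if "(no file)" in e.body:
            findings.append(Finding(e.section, "orphaned entry: referenced file is missing", e.body))
        if e.section == "O23" and "Unknown owner" in e.body:
            findings.append(Finding(e.section, "service with unknown publisher: verify the binary", e.body))
        if e.section == "O16" and e.url:
            host = urlparse(e.url).hostname or ""
            if host not in allowed_dpf_hosts:
                findings.append(Finding(e.section, f"ActiveX download from {host}: confirm it was intended", e.body))
        if e.section == "O4":
            if e.path is None:
                findings.append(Finding(e.section, "autorun without a full path: resolved via the search path", e.body))
            elif not e.path.lower().startswith(TRUSTED_DIRS):
                findings.append(Finding(e.section, "autorun from outside Windows/Program Files: review", e.body))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.section}] {f.reason}\n    {f.body}")
```

Running it over a full log from a reply, read from a file instead of `SAMPLE_LOG`, gives a short worklist for the helper; passing the scanner's own host in `allowed_dpf_hosts` removes the expected Panda ActiveScan entry from that list.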
     
  10. Auttaja

    Auttaja Guest

    Stay clean

    -> Clear System Restore Instructions
    Clear the System Restore folder and create a new restore point. This cleans the restore folder of any malware remnants.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Clean temporary files and folders with the program regularly.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing on your computer. It uses no memory!
    Guide available in Finnish! The guide by forum member Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your computer from connecting to malicious sites.
    Guide available in Finnish! The guide by forum member Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update and scan your computer regularly with your antivirus program.
    eScan is also good: http://koti.mbnet.fi/pattaya1/escanmwav.htm

    -> Keep your software up to date. -> Secunia Software Inspector
    Secunia Software Inspector examines your system and software for missing security updates. A normal inspection usually takes 5-40 seconds, while a thorough system inspection can take several minutes.

    -> Regularly follow the Finnish Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI

    If you run into problems with malware in the future, do not hesitate to post a HijackThis log for checking!
     
  11. opaali

    opaali Member

    Joined:
    Sep 8, 2002
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    Warmest thanks for the help!!
     
