Viruses on the machine?

Discussion in 'Viruses and malware - HijackThis logs' started by p2pman, Dec 27, 2009.

  1. p2pman (Regular member)
    Yeah, every now and then Avira complains about some viruses it finds in System Volume Information. The names of those files are always something like "A00745854.exe": they start with the letter A, a couple of zeros after it and then some numbers.. something along those lines... Here's the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:48:14, on 28.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\BlueSoleil\BlueSoleilCS.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\BlueSoleil\BsMobileCS.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Volumouse\volumouse.exe
    C:\Program Files\RAM Saver Professional\ramsaverpro.exe
    C:\Program Files\Better Rename.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    C:\Program Files\BlueSoleil\BsHelpCS.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\HijackThis\giyg.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
    O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\RAM Saver Professional\ramsaverpro.exe
    O4 - HKCU\..\Run: [Better Rename] C:\Program Files\Better Rename.exe
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Bluetoothin lähettämä - C:\Program Files\BlueSoleil\TransSend\IE\tsinfo.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä viestissä(&M)... - C:\Program Files\BlueSoleil\TransSend\IE\tssms.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1222794645410
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222804716281
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{23E9D7B0-F001-4D6C-946D-D0AC4EEDF6D5}: NameServer = 156.154.70.25,156.154.71.25
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6522BAC8-CDBB-4358-A2F9-635C0EE45569}: NameServer = 195.197.54.100 195.74.0.47
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F2C717B-7CB3-4D65-BED7-368E22206A55}: NameServer = 156.154.70.25,156.154.71.25
    O17 - HKLM\System\CS1\Services\Tcpip\..\{23E9D7B0-F001-4D6C-946D-D0AC4EEDF6D5}: NameServer = 156.154.70.25,156.154.71.25
    O17 - HKLM\System\CS2\Services\Tcpip\..\{23E9D7B0-F001-4D6C-946D-D0AC4EEDF6D5}: NameServer = 156.154.70.25,156.154.71.25
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\BlueSoleil\BlueSoleilCS.exe
    O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\BlueSoleil\BsHelpCS.exe
    O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\BlueSoleil\BsMobileCS.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 10599 bytes
     
  2. _kooma_ (Active member)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{23E9D7B0-F001-4D6C-946D-D0AC4EEDF6D5}: NameServer = 156.154.70.25,156.154.71.25

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F2C717B-7CB3-4D65-BED7-368E22206A55}: NameServer = 156.154.70.25,156.154.71.25

    O17 - HKLM\System\CS1\Services\Tcpip\..\{23E9D7B0-F001-4D6C-946D-D0AC4EEDF6D5}: NameServer = 156.154.70.25,156.154.71.25

    O17 - HKLM\System\CS2\Services\Tcpip\..\{23E9D7B0-F001-4D6C-946D-D0AC4EEDF6D5}: NameServer = 156.154.70.25,156.154.71.25

    Those might be something shady; if you don't recognize the IP addresses, I recommend running a FIX on them. Before that, boot the OS into Safe Mode, switch off the modem and possibly the browser. In other words, take the machine off the network. After that, do the FIX on those.

    After that, restart the machine, then get Malwarebytes' Anti-Malware, install it and fetch the latest definitions. Boot the machine into Safe Mode again and take it off the network. Run a full Malwarebytes scan; if it finds anything, remove it.
    Restart again, start CCleaner (update it if it suggests so, meaning the machine goes back on the network) and clean.
    If there's still no change, then at least I'm at a loss myself...
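The O17 check _kooma_ describes above, as an added example (this is not code from the thread, the forum or HijackThis): a small Python triage script that pulls the NameServer entries out of a HijackThis log, splits the comma- or space-separated server lists (both forms occur in the log above), groups them by interface GUID and control set, and reports every resolver that is not in an allowlist you maintain. It also reports R0/R1 start or search pages whose host is not one you trust. The allowlist MY_RESOLVERS (the two 195.x addresses, which appear on another adapter in the same log) and TRUSTED_HOSTS are assumptions standing in for whatever the reader actually recognises; the script makes no claim about who operates any particular resolver. The last O17 line in the sample is constructed to show an unexpected resolver; the other sample lines are copied from the log above.

```python
"""HijackThis O17 / R0 / R1 triage helper (added example, not HijackThis code)."""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: lines copied from the log above, plus one constructed O17 line
# (the 00000000-... GUID with 10.0.0.53) to show how an unexpected resolver is reported.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O17 - HKLM\System\CCS\Services\Tcpip\..\{23E9D7B0-F001-4D6C-946D-D0AC4EEDF6D5}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{6522BAC8-CDBB-4358-A2F9-635C0EE45569}: NameServer = 195.197.54.100 195.74.0.47
O17 - HKLM\System\CS1\Services\Tcpip\..\{23E9D7B0-F001-4D6C-946D-D0AC4EEDF6D5}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 10.0.0.53
"""

# Assumption: the reader recognises these as their ISP's resolvers; anything else gets reported.
MY_RESOLVERS = ("195.197.54.100", "195.74.0.47")
# Assumption: hosts whose start/search pages the reader considers legitimate.
TRUSTED_HOSTS = {"go.microsoft.com"}

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>\w+)\\Services\\Tcpip\\\.\.\\"
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>.*)$"
)
R_RE = re.compile(
    r"^R[01] - (?P<hive>HKCU|HKLM)\\Software\\Microsoft\\Internet Explorer\\"
    r"(?P<key>[^,]+),(?P<value>[^=]+?) = ?(?P<data>.*)$"
)


def parse_nameservers(log_text):
    """Return {guid: {"control_sets": set, "servers": set}} built from O17 lines.
    HijackThis prints the server list comma- or space-separated, so split on either."""
    by_guid = defaultdict(lambda: {"control_sets": set(), "servers": set()})
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        entry = by_guid[m["guid"].upper()]
        entry["control_sets"].add(m["cs"])
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            if not token:
                continue
            try:
                entry["servers"].add(str(ipaddress.ip_address(token)))
            except ValueError:
                entry["servers"].add(token)  # keep malformed tokens visible rather than dropping them
    return dict(by_guid)


def unknown_resolvers(by_guid, allowlist):
    """Sorted (guid, server) pairs whose server is not in the allowlist."""
    allowed = {str(ipaddress.ip_address(a)) for a in allowlist}
    return sorted((g, s) for g, e in by_guid.items() for s in e["servers"] if s not in allowed)


def parse_ie_pages(log_text):
    """Return {(hive, value name): data} for R0/R1 lines."""
    pages = {}
    for line in log_text.splitlines():
        m = R_RE.match(line.strip())
        if m:
            pages[(m["hive"], m["value"].strip())] = m["data"].strip()
    return pages


def nondefault_start_pages(pages, trusted_hosts):
    """Start/search pages pointing at a host outside trusted_hosts (about:* and empty are fine)."""
    hits = []
    for (hive, name), data in sorted(pages.items()):
        if not data or data.startswith("about:"):
            continue
        if (urlsplit(data).hostname or "") not in trusted_hosts:
            hits.append((hive, name, data))
    return hits


if __name__ == "__main__":
    ns = parse_nameservers(SAMPLE_LOG)
    for guid, server in unknown_resolvers(ns, MY_RESOLVERS):
        sets = sorted(ns[guid]["control_sets"])
        print(f"O17 {guid}: resolver {server} not in allowlist (control sets: {sets})")
    for hive, name, data in nondefault_start_pages(parse_ie_pages(SAMPLE_LOG), TRUSTED_HOSTS):
        print(f"{hive} {name}: {data}")
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; the point of grouping by control set is that the same adapter GUID appears under CCS, CS1 and CS2 in the log above, so a resolver you decide to fix has to be gone from every control set, not just the current one.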
     
  3. p2pman (Regular member)
    Alright, now it hasn't complained anymore. By the way, I've been thinking of switching from Avira to Avast. Is it worth it? Are they both on the same level, or is one better?
     
  4. _kooma_ (Active member)
    What did you do, the things I suggested?

    I have no experience with Avira myself; I used it years ago at some point, but switched to Avast, and I've been happy with it. Both surely work fine, but my vote goes to the combination:

    ZoneAlarm and Avast.
     
  5. p2pman (Regular member)
    Yeah, I did all of those; Malwarebytes didn't find anything. Comodo is the firewall, so I've thought about keeping that, but I've been thinking of switching the antivirus :p
     
