Could someone take a look at my computer's HJT log, since I don't understand it myself. Every now and then a virus (trojan) has appeared on my computer. When I have supposedly removed one, another comes from somewhere.

Logfile of HijackThis v1.99.1
Scan saved at 19:14:08, on 11.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\BAANAT~1\backweb\9683872\Program\SERVIC~1.EXE
C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsgk32st.exe
C:\Program Files\BAANA TIETOTURVA\backweb\9683872\program\fsbwsys.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\FSGK32.EXE
C:\Program Files\BAANA TIETOTURVA\Common\FSMA32.EXE
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\BAANA TIETOTURVA\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\BAANA TIETOTURVA\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BAANA TIETOTURVA\Common\FAMEH32.EXE
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsqh.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsrw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\BAANA TIETOTURVA\Common\FSM32.EXE
C:\Program Files\BAANA TIETOTURVA\FSGUI\ispnews.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\BAANA TIETOTURVA\backweb\9683872\Program\OPOY-Tietoturva.exe
C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsav32.exe
C:\Program Files\BAANA TIETOTURVA\FWES\Program\fsdfwd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\BAANAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\BAANA TIETOTURVA\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Miika\Omat tiedostot\oma kansio\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\BAANA TIETOTURVA\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\BAANA TIETOTURVA\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\BAANA TIETOTURVA\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\BAANA TIETOTURVA\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BAANA TIETOTURVA.lnk = C:\Program Files\BAANA TIETOTURVA\backweb\9683872\Program\OPOY-Tietoturva.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\ieshield.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://miikapaka.spaces.live.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F04B2B5-B5A1-4040-81F2-D675457CEE06}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BAANA TIETOTURVA (BackWeb Plug-in - 9683872) - BackWeb Technologies Inc. - C:\PROGRA~1\BAANAT~1\backweb\9683872\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\BAANA TIETOTURVA\backweb\9683872\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

I have been cleaning my computer with several cleaning programs. It feels like my computer is slowing down more and more all the time.

Scan with HJT, tick the following entries and press Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - (no file)
O20 - Winlogon Notify: winepi32 - winepi32.dll (file missing)

Download VundoFix.exe http://www.atribune.org/ccount/click.php?id=4 to your desktop.
• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• When the scan is finished, click the Remove Vundo button.
• You will be asked whether you want to delete the files - click YES.
• Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
• When it is done, the fix will tell you that it will restart your computer; click OK.
• Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

Note: It is possible that VundoFix found a file that it could not remove. In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

Get VirtumundoBeGone and save it to the desktop http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe -> Then start the computer in safe mode and run VirtumundoBeGone.exe, following its instructions.

Scan with eScan. The instructions are on this page: http://koti.mbnet.fi/pattaya1/escanmwav.htm
Download from here: http://www.spywareinfo.dk/download/mwav.exe
Update from here: http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
Tick the boxes as marked here: http://koti.mbnet.fi/pattaya1/eScan6.jpg
Scan. If anything appears in the lower pane, copy it like this: Use the Ctrl+A command. Copy the lines with Ctrl+C. Paste the lines with Ctrl+V. Post the virus log here.

Thanks for the instructions. I ticked the entries that were requested in HJT and pressed Fix checked. VundoFix.exe found nothing. VirtumundoBeGone found the following:

[01/13/2007, 22:51:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Miika\Työpöytä\VirtumundoBeGone.exe" )
[01/13/2007, 22:51:44] - Detected System Information:
[01/13/2007, 22:51:44] - Windows Version: 5.1.2600, Service Pack 2
[01/13/2007, 22:51:44] - Current Username: Miika (Admin)
[01/13/2007, 22:51:44] - Windows is in SAFE mode with Networking.
[01/13/2007, 22:51:44] - Searching for Browser Helper Objects:
[01/13/2007, 22:51:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/13/2007, 22:51:44] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/13/2007, 22:51:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 22:51:44] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/13/2007, 22:51:44] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/13/2007, 22:51:44] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/13/2007, 22:51:44] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/13/2007, 22:51:44] - Finished Searching Browser Helper Objects
[01/13/2007, 22:51:44] - Finishing up...
[01/13/2007, 22:51:44] - Nothing found! Exiting...

(I don't know whether I should have reported that to you, but I thought I'd include it just in case.)

Then I scanned with eScan, and the virus log it produced is here:

File C:\WINDOWS\system32\elcaswkh.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\kujpgqfp.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gf. No Action Taken.
File C:\Documents and Settings\Isä\Local Settings\Temp\ancluoge.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\Documents and Settings\Isä\Local Settings\Temp\dcnxqixl.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\Documents and Settings\Isä\Local Settings\Temp\jayjemwr.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\Documents and Settings\Isä\Local Settings\Temp\jrwmvvlc.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\Documents and Settings\Isä\Local Settings\Temp\womhdktw.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\Documents and Settings\Vierailijat\Local Settings\Temp\amtygqas.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\Documents and Settings\Vierailijat\Local Settings\Temp\ddbdinuy.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\Documents and Settings\Vierailijat\Local Settings\Temp\gklnmdhq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\Documents and Settings\Vierailijat\Local Settings\Temp\kqttjqaq.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\Documents and Settings\Vierailijat\Local Settings\Temp\tqoskppb.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\elcaswkh.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\kujpgqfp.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gf. No Action Taken.

How should we proceed from here?

1. Download the combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe file to your desktop.
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log. Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

Tässä ois nyt tämä combofixin loki: "Miika" - 07-01-14 14:36:36 Service Pack 2 ComboFix 07-01-14.2 - Running from: "C:\Documents and Settings\Miika\Ty”p”yt„" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Common Files\{38A8D~1 ((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 )))))))))))))))))))))))))))))))))) 2007-01-14 01:15 <KANSIO> d-------- C:\Program Files\Skype 2007-01-14 01:15 <KANSIO> d-------- C:\Program Files\Common Files\Skype 2007-01-14 01:15 <KANSIO> d-------- C:\DOCUME~1\Miika\Application Data\Skype 2007-01-14 01:15 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype 2007-01-13 23:13 <KANSIO> d-------- C:\Downloads 2007-01-13 23:13 <KANSIO> d-------- C:\Bases 2007-01-13 23:06 <KANSIO> d-------- C:\Kaspersky 2007-01-13 22:50 <KANSIO> d-------- C:\DOCUME~1\NETWOR~1\Application Data\Webroot 2007-01-13 22:30 <KANSIO> d-------- C:\DOCUME~1\Miika\Application Data\Ahead 2007-01-13 21:13 <KANSIO> d-------- C:\VundoFix Backups 2007-01-11 23:44 <KANSIO> d-------- C:\WINDOWS\ie7updates 2007-01-11 14:36 1,231,872 --a------ C:\Program Files\winscp382.exe 2007-01-08 17:38 15,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2007-01-08 17:38 15,360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-01-08 17:38 14,848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys 2007-01-08 17:38 122,368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2007-01-08 17:38 <KANSIO> d-------- C:\Program Files\Webroot 2007-01-08 17:38 <KANSIO> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Webroot 2007-01-08 17:38 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Webroot 2007-01-08 17:37 <KANSIO> d-------- C:\DOCUME~1\Miika\Application Data\Webroot 2007-01-08 16:43 684,032 --a------ C:\WINDOWS\system32\libeay32.dll 2007-01-08 16:43 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-01-07 12:04 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Application 
Data\Spybot - Search & Destroy 2007-01-06 23:53 118,804 --a------ C:\WINDOWS\system32\kujpgqfp.dll 2007-01-02 19:20 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\Opera 2006-12-29 22:56 184,320 --a------ C:\WINDOWS\system\Comdlg32.dll 2006-12-29 13:22 88,340 --a------ C:\WINDOWS\system32\elcaswkh.exe 2006-12-29 13:22 277,044 ---hs---- C:\WINDOWS\system32\awtqo.dll 2006-12-29 13:14 22,541 ---hs---- C:\WINDOWS\system32\qommjij.dll 2006-12-28 20:09 <KANSIO> d-------- C:\Program Files\Common Files\xing shared 2006-12-28 16:38 <KANSIO> d-------- C:\DOCUME~1\Miika\Application Data\DivX 2006-12-28 16:35 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe 2006-12-28 16:35 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe 2006-12-28 16:35 <KANSIO> d-------- C:\Program Files\DivX 2006-12-25 16:06 <KANSIO> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode) 2006-12-25 16:06 <KANSIO> d-------- C:\DOCUME~1\Miika\Application Data\Audacity 2006-12-23 21:07 5,504 --a------ C:\WINDOWS\system32\drivers\xmasscsi.sys 2006-12-23 21:07 140,800 --a------ C:\WINDOWS\system32\drivers\xmasbus.sys 2006-12-23 21:07 <KANSIO> d-------- C:\Program Files\Alcohol Soft 2006-12-23 20:57 <KANSIO> d-------- C:\DOCUME~1\Miika\Application Data\OfficeUpdate12 2006-12-23 13:58 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\Sun 2006-12-22 12:47 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\F-Secure 2006-12-22 11:55 81,920 --a------ C:\WINDOWS\Dit.exe 2006-12-22 11:55 61,440 --a------ C:\WINDOWS\DitExp.exe 2006-12-22 11:55 176,128 --------- C:\WINDOWS\Dit.DLL 2006-12-22 11:44 <KANSIO> d-------- C:\DOCUME~1\IS9B88~1\Application Data\HP 2006-12-22 11:33 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Contacts 2006-12-22 11:26 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\Google 2006-12-22 11:23 <KANSIO> dr------- C:\DOCUME~1\VIERAI~1\Suosikit 2006-12-22 11:23 <KANSIO> dr------- C:\DOCUME~1\VIERAI~1\Omat tiedostot 2006-12-22 11:23 <KANSIO> dr------- 
C:\DOCUME~1\VIERAI~1\K„ynnist„-valikko 2006-12-22 11:23 <KANSIO> d--h----- C:\DOCUME~1\VIERAI~1\Verkkoymp„rist” 2006-12-22 11:23 <KANSIO> d--h----- C:\DOCUME~1\VIERAI~1\Tulostinymp„rist” 2006-12-22 11:23 <KANSIO> d--h----- C:\DOCUME~1\VIERAI~1\Mallit 2006-12-22 11:23 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Ty”p”yt„ 2006-12-22 11:23 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Phone Browser 2006-12-22 11:23 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Bluetooth Software 2006-12-22 11:23 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\Real 2006-12-22 11:23 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\PC Suite 2006-12-22 11:23 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\ispnews 2006-12-22 11:05 <KANSIO> d-------- C:\DOCUME~1\IS9B88~1\Application Data\Real 2006-12-22 10:54 <KANSIO> d-------- C:\DOCUME~1\ITI~1\Application Data\Real 2006-12-22 10:52 <KANSIO> d-------- C:\DOCUME~1\Vieras\Phone Browser 2006-12-22 10:52 <KANSIO> d-------- C:\DOCUME~1\Vieras\Application Data\Real 2006-12-22 10:52 <KANSIO> d-------- C:\DOCUME~1\Vieras\Application Data\PC Suite 2006-12-15 00:21 <KANSIO> d-------- C:\temp 2006-12-15 00:20 <KANSIO> d-------- C:\Program Files\MIDI-TO-MP3 1.2 2006-12-15 00:15 <KANSIO> d-------- C:\Program Files\TallStick (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-13 23:02 56 --a------ C:\Program Files\mwav.log 2007-01-09 23:20 -------- d-------- C:\Program Files\google 2007-01-07 19:24 -------- d-------- C:\Program Files\windows live toolbar 2007-01-07 12:49 -------- d---s---- C:\DOCUME~1\Miika\Application Data\microsoft 2006-12-29 23:31 -------- d--h----- C:\Program Files\installshield installation information 2006-12-29 12:49 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys 2006-12-28 20:10 -------- d-------- C:\DOCUME~1\Miika\Application Data\real 2006-12-28 20:09 -------- d-------- C:\Program Files\Common Files\real 2006-12-24 15:10 -------- 
d-------- C:\Program Files\dc++ 2006-12-22 11:16 -------- d-------- C:\Program Files\opera 2006-12-12 18:30 520192 --a------ C:\WINDOWS\system32\divxsm.exe 2006-12-12 18:30 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2006-12-12 18:30 20640 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys 2006-12-12 18:30 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2006-12-12 18:30 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2006-12-12 18:25 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2006-12-12 18:25 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll 2006-12-12 18:25 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll 2006-12-12 18:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2006-12-12 18:25 635486 --a------ C:\WINDOWS\system32\divx.dll 2006-12-12 18:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll 2006-12-12 18:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll 2006-12-12 18:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll 2006-12-12 18:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll 2006-12-12 18:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll 2006-12-12 18:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll 2006-12-12 18:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2006-12-12 18:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll 2006-12-12 18:24 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe 2006-12-10 22:14 -------- d-------- C:\Program Files\msn messenger 2006-12-10 22:14 -------- d-------- C:\Program Files\messenger plus! 
live 2006-12-07 07:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-12-02 14:57 -------- d-------- C:\Program Files\netbeans-5.5 2006-12-02 14:57 -------- d-------- C:\Program Files\java 2006-12-02 14:54 -------- d-------- C:\Program Files\Common Files\installshield 2006-11-30 18:32 -------- d-------- C:\Program Files\real 2006-11-30 16:55 -------- d-------- C:\Program Files\avisynth 2.5 2006-11-30 16:54 -------- d-------- C:\Program Files\erightsoft 2006-11-28 18:46 -------- d-------- C:\Program Files\flvplayer 2006-11-28 18:15 737280 --a------ C:\WINDOWS\iun6002.exe 2006-11-27 22:09 -------- d-------- C:\Program Files\apple software update 2006-11-27 21:54 -------- d-------- C:\Program Files\windows live safety center 2006-11-27 20:13 -------- d-------- C:\Program Files\msi 2006-11-27 10:45 60416 --------- C:\WINDOWS\system32\tzchange.exe 2006-11-26 00:53 -------- d-------- C:\Program Files\quicktime 2006-11-26 00:53 -------- d-------- C:\DOCUME~1\Miika\Application Data\apple computer 2006-11-26 00:38 -------- d-------- C:\DOCUME~1\Miika\Application Data\macromedia 2006-11-25 13:18 -------- d-------- C:\Program Files\xvid 2006-11-22 17:25 -------- d-------- C:\Program Files\winlame 2006-11-21 22:07 -------- d-------- C:\DOCUME~1\Miika\Application Data\nokia multimedia player 2006-11-21 22:02 -------- d-------- C:\DOCUME~1\Miika\Application Data\pc suite 2006-11-21 22:01 -------- d-------- C:\Program Files\nokia 2006-11-21 22:01 -------- d-------- C:\Program Files\Common Files\pcsuite 2006-11-21 22:01 -------- d-------- C:\Program Files\Common Files\nokia 2006-11-21 19:05 -------- d-------- C:\Program Files\toniarts 2006-11-21 18:52 421888 --a------ C:\Program Files\putty058.exe 2006-11-20 16:56 -------- d-------- C:\DOCUME~1\Miika\Application Data\help 2006-11-20 10:51 -------- d-------- C:\Program Files\casio 2006-11-20 10:49 -------- d-------- C:\DOCUME~1\Miika\Application Data\adobeum 2006-11-19 19:42 35836 --a------ C:\DOCUME~1\Miika\Application 
Data\patchupdate_hp_counterreport_update_hpsu.log 2006-11-19 19:42 2080 --a------ C:\DOCUME~1\Miika\Application Data\hpsu_48bitscanupdate.log 2006-11-19 19:40 3623 --a------ C:\DOCUME~1\Miika\Application Data\patchupdate_izclosingdiscerror.log 2006-11-19 19:40 354 --a------ C:\DOCUME~1\Miika\Application Data\helpfilesupdatepatch_printhelpwrapper.log 2006-11-19 19:40 2854 --a------ C:\DOCUME~1\Miika\Application Data\patchupdate_instantsharejpg.log 2006-11-19 19:40 0 --a------ C:\DOCUME~1\Miika\Application Data\helpfilesupdatepatch_helpfilereplace.log 2006-11-19 19:39 341852 --a------ C:\DOCUME~1\Miika\Application Data\update_hp_redboxhprblog_hpsu.log 2006-11-19 19:38 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll 2006-11-19 18:57 -------- d-------- C:\DOCUME~1\Miika\Application Data\lavasoft 2006-11-19 13:15 -------- d-------- C:\DOCUME~1\Miika\Application Data\adobe 2006-11-19 13:02 21848 --a------ C:\DOCUME~1\Miika\Application Data\gdipfontcachev1.dat 2006-11-18 20:26 1410680 --a------ C:\Program Files\install_flash_player.exe 2006-11-18 19:12 -------- d-------- C:\Program Files\msxml 4.0 2006-11-18 17:36 -------- d-------- C:\DOCUME~1\Miika\Application Data\hp 2006-11-18 17:26 -------- d-------- C:\Program Files\Common Files\sonic shared 2006-11-18 17:25 -------- d-------- C:\Program Files\Common Files\hp 2006-11-18 17:24 -------- d-------- C:\Program Files\hp 2006-11-18 17:24 -------- d-------- C:\Program Files\hewlett-packard 2006-11-18 17:22 -------- d-------- C:\Program Files\Common Files\hewlett-packard 2006-11-18 16:45 -------- d-------- C:\DOCUME~1\Miika\Application Data\f-secure 2006-11-18 15:53 -------- d-------- C:\Program Files\baana tietoturva 2006-11-18 15:52 -------- d-------- C:\DOCUME~1\Miika\Application Data\pex 2006-11-18 15:19 -------- d-------- C:\DOCUME~1\Miika\Application Data\ispnews 2006-11-18 15:07 118842 -r------- C:\WINDOWS\bwunin-6.3.2.116-9683872l.exe 2006-11-16 19:47 524288 --a------ C:\WINDOWS\opuc.dll 2006-11-08 07:06 679424 
--a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll 2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll 2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll 2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll 2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-11-03 21:29 865 --a------ C:\DOCUME~1\Miika\Application Data\adobedlm.log 2006-11-03 21:29 0 --a------ C:\DOCUME~1\Miika\Application Data\dm.ini 2006-11-03 20:57 49080 --a------ C:\WINDOWS\system32\pdf995mon.dll 2006-11-03 20:57 143432 --a------ C:\WINDOWS\system32\pdfmona.dll 2006-11-03 02:29 62 --ahs---- C:\DOCUME~1\Miika\Application Data\desktop.ini 2006-11-02 20:27 60416 --a------ C:\WINDOWS\alcfdrtm.exe 2006-11-02 19:39 0 -rahs---- C:\MSDOS.SYS 2006-11-02 19:39 0 -rahs---- C:\IO.SYS 2006-11-02 19:39 0 --a------ C:\CONFIG.SYS 2006-11-02 19:39 0 --------- C:\AUTOEXEC.BAT 2006-11-01 14:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2006-11-01 14:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll 2006-10-20 03:39 713728 --a------ 
C:\WINDOWS\system32\sxs.dll 2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll 2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll 2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe 2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll 2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll 2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll 2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll 2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe 2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll 2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll 2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe 2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll 2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "PowerBar"="" "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMan"="SOUNDMAN.EXE" "NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="\"nwiz.exe\" /install" "NvMediaCenter"="\"RunDLL32.exe\" NvMCTray.dll,NvTaskbarInit" "RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\"" "InCD"="\"C:\\Program Files\\Ahead\\InCD\\InCD.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "F-Secure Manager"="\"C:\\Program Files\\BAANA TIETOTURVA\\Common\\FSM32.EXE\" /splash" "F-Secure TNB"="\"C:\\Program Files\\BAANA TIETOTURVA\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW" "F-Secure Startup 
Wizard"="\"C:\\Program Files\\BAANA TIETOTURVA\\FSGUI\\FSSW.EXE\" /reboot" "News Service"="\"C:\\Program Files\\BAANA TIETOTURVA\\FSGUI\\ispnews.exe\"" "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\"" "BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent" "DataLayer"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE" "PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Dit"="Dit.exe" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 bthsvcs REG_MULTI_SZ BthServ\0\0 Usnsvc 
REG_MULTI_SZ usnsvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{162dcb4f-6ace-11db-999a-806d6172696f}] Shell\AutoRun\command D:\Autorun.exe root.ini Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Scheduled scanning task.job Completion time: 07-01-14 14:38:20
Do you see any "gremlins" in there?
Instructions for using AVG Anti-Spyware 7.5

Note! These instructions switch off the real-time protection (Shield). This avoids situations where the protection would block, for example, the HijackThis tool.

Save these instructions to a text file or print them; otherwise you will not be able to get at them in safe mode.

Download AVG Anti-Spyware 7.5 from http://www.ewido.net/en/download/ and save the program to your desktop.
• Once you have downloaded the program, double-click the installer's shortcut on your desktop; the installation starts.
• After installation, the program has to be started and its definitions updated.
• Start AVG Anti-Spyware.
• Click the "Update" icon in the main menu. Then click the "Update now" button.
o Then click the "Start Update" icon, and the update begins.
• When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
• When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
• Then, under the "Reports" menu:
o Tick "Automatically generate report after every scan"
o Untick "Only if threats were found"
• Then click the "Shield" icon at the top of the window.
• "Resident shield is": change the state from active to inactive.
• Close the program; do NOT scan yet.

Boot your computer into safe mode: shut down and restart, tap F8 during startup, select safe mode with the arrow keys, then press Enter and Enter.

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
• Once in safe mode, start AVG Anti-Spyware.
• Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
• Ewido now starts scanning the computer; be patient, because the scan takes time.

When the scan is finished:

IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions".
• Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
• You will be asked what to do if infections were found; choose "Apply all actions".
• Then click the "Reports" icon at the top of the program.
• Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
• Close the program, start the computer normally and post the AVG report in your thread.
Here's the AVG Anti-Spyware report:
--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 22:41:05 14.1.2007 + Scan result: C:\Documents and Settings\Vierailijat\Cookies\vierailijat@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned. ::Report end C:\Documents and Settings\Vierailijat\Cookies\vierailijat@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned. ::Report end
I made the mistake of deleting instead of quarantining; hopefully that doesn't cause anything more serious. What do we do next?
Run CCleaner. Download it from http://www.ccleaner.com/download/builds.aspx: CCleaner v1.34.407 - Basic, which does NOT include the Yahoo toolbar! Set the options like this: Options --> Advanced --> untick "Only delete temporary files older than 48 hours". Run Cleaner > Analyze > clean (bottom right corner). Run Issues > scan for registry issues > fix the registry issues. Run ComboFix again.
And here is the ComboFix report after the CCleaner cleanups:
"Miika" - 07-01-15 18:51:31 Service Pack 2 ComboFix 07-01-14.2 - Running from: "C:\Documents and Settings\Miika\Ty”p”yt„" ((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 )))))))))))))))))))))))))))))))))) 2007-01-15 18:43 <KANSIO> d-------- C:\Program Files\CCleaner 2007-01-14 22:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-01-14 22:08 <KANSIO> d-------- C:\Program Files\Grisoft 2007-01-14 01:15 <KANSIO> d-------- C:\Program Files\Skype 2007-01-14 01:15 <KANSIO> d-------- C:\Program Files\Common Files\Skype 2007-01-14 01:15 <KANSIO> d-------- C:\DOCUME~1\Miika\Application Data\Skype 2007-01-14 01:15 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype 2007-01-13 23:13 <KANSIO> d-------- C:\Downloads 2007-01-13 23:13 <KANSIO> d-------- C:\Bases 2007-01-13 23:06 <KANSIO> d-------- C:\Kaspersky 2007-01-13 22:50 <KANSIO> d-------- C:\DOCUME~1\NETWOR~1\Application Data\Webroot 2007-01-13 22:30 <KANSIO> d-------- C:\DOCUME~1\Miika\Application Data\Ahead 2007-01-13 21:13 <KANSIO> d-------- C:\VundoFix Backups 2007-01-11 23:44 <KANSIO> d-------- C:\WINDOWS\ie7updates 2007-01-11 14:36 1,231,872 --a------ C:\Program Files\winscp382.exe 2007-01-08 17:38 15,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys 2007-01-08 17:38 15,360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys 2007-01-08 17:38 14,848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys 2007-01-08 17:38 122,368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys 2007-01-08 17:38 <KANSIO> d-------- C:\Program Files\Webroot 2007-01-08 17:38 <KANSIO> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Webroot 2007-01-08 17:38 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Webroot 2007-01-08 17:37 <KANSIO> d-------- C:\DOCUME~1\Miika\Application Data\Webroot 2007-01-08 16:43 684,032 --a------ C:\WINDOWS\system32\libeay32.dll 2007-01-08 16:43 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 
2007-01-07 12:04 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy 2007-01-06 23:53 118,804 --a------ C:\WINDOWS\system32\kujpgqfp.dll 2007-01-02 19:20 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\Opera 2006-12-29 22:56 184,320 --a------ C:\WINDOWS\system\Comdlg32.dll 2006-12-29 13:22 88,340 --a------ C:\WINDOWS\system32\elcaswkh.exe 2006-12-29 13:22 277,044 ---hs---- C:\WINDOWS\system32\awtqo.dll 2006-12-29 13:14 22,541 ---hs---- C:\WINDOWS\system32\qommjij.dll 2006-12-28 20:09 <KANSIO> d-------- C:\Program Files\Common Files\xing shared 2006-12-28 16:38 <KANSIO> d-------- C:\DOCUME~1\Miika\Application Data\DivX 2006-12-28 16:35 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe 2006-12-28 16:35 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe 2006-12-28 16:35 <KANSIO> d-------- C:\Program Files\DivX 2006-12-25 16:06 <KANSIO> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode) 2006-12-25 16:06 <KANSIO> d-------- C:\DOCUME~1\Miika\Application Data\Audacity 2006-12-23 21:07 5,504 --a------ C:\WINDOWS\system32\drivers\xmasscsi.sys 2006-12-23 21:07 140,800 --a------ C:\WINDOWS\system32\drivers\xmasbus.sys 2006-12-23 21:07 <KANSIO> d-------- C:\Program Files\Alcohol Soft 2006-12-23 20:57 <KANSIO> d-------- C:\DOCUME~1\Miika\Application Data\OfficeUpdate12 2006-12-23 13:58 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\Sun 2006-12-22 12:47 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\F-Secure 2006-12-22 11:55 81,920 --a------ C:\WINDOWS\Dit.exe 2006-12-22 11:55 61,440 --a------ C:\WINDOWS\DitExp.exe 2006-12-22 11:55 176,128 --------- C:\WINDOWS\Dit.DLL 2006-12-22 11:44 <KANSIO> d-------- C:\DOCUME~1\IS9B88~1\Application Data\HP 2006-12-22 11:33 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Contacts 2006-12-22 11:26 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\Google 2006-12-22 11:23 <KANSIO> dr------- C:\DOCUME~1\VIERAI~1\Suosikit 2006-12-22 11:23 <KANSIO> dr------- C:\DOCUME~1\VIERAI~1\Omat 
tiedostot 2006-12-22 11:23 <KANSIO> dr------- C:\DOCUME~1\VIERAI~1\K„ynnist„-valikko 2006-12-22 11:23 <KANSIO> d--h----- C:\DOCUME~1\VIERAI~1\Verkkoymp„rist” 2006-12-22 11:23 <KANSIO> d--h----- C:\DOCUME~1\VIERAI~1\Tulostinymp„rist” 2006-12-22 11:23 <KANSIO> d--h----- C:\DOCUME~1\VIERAI~1\Mallit 2006-12-22 11:23 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Ty”p”yt„ 2006-12-22 11:23 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Phone Browser 2006-12-22 11:23 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Bluetooth Software 2006-12-22 11:23 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\Real 2006-12-22 11:23 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\PC Suite 2006-12-22 11:23 <KANSIO> d-------- C:\DOCUME~1\VIERAI~1\Application Data\ispnews 2006-12-22 11:05 <KANSIO> d-------- C:\DOCUME~1\IS9B88~1\Application Data\Real 2006-12-22 10:54 <KANSIO> d-------- C:\DOCUME~1\ITI~1\Application Data\Real 2006-12-22 10:52 <KANSIO> d-------- C:\DOCUME~1\Vieras\Phone Browser 2006-12-22 10:52 <KANSIO> d-------- C:\DOCUME~1\Vieras\Application Data\Real 2006-12-22 10:52 <KANSIO> d-------- C:\DOCUME~1\Vieras\Application Data\PC Suite 2006-12-15 00:21 <KANSIO> d-------- C:\temp 2006-12-15 00:20 <KANSIO> d-------- C:\Program Files\MIDI-TO-MP3 1.2 2006-12-15 00:15 <KANSIO> d-------- C:\Program Files\TallStick (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-13 23:02 56 --a------ C:\Program Files\mwav.log 2007-01-09 23:20 -------- d-------- C:\Program Files\google 2007-01-07 19:24 -------- d-------- C:\Program Files\windows live toolbar 2007-01-07 12:49 -------- d---s---- C:\DOCUME~1\Miika\Application Data\microsoft 2006-12-29 23:31 -------- d--h----- C:\Program Files\installshield installation information 2006-12-29 12:49 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys 2006-12-28 20:10 -------- d-------- C:\DOCUME~1\Miika\Application Data\real 2006-12-28 20:09 -------- d-------- C:\Program Files\Common 
Files\real 2006-12-24 15:10 -------- d-------- C:\Program Files\dc++ 2006-12-22 11:16 -------- d-------- C:\Program Files\opera 2006-12-12 18:30 520192 --a------ C:\WINDOWS\system32\divxsm.exe 2006-12-12 18:30 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2006-12-12 18:30 20640 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys 2006-12-12 18:30 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2006-12-12 18:30 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2006-12-12 18:25 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2006-12-12 18:25 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll 2006-12-12 18:25 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll 2006-12-12 18:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2006-12-12 18:25 635486 --a------ C:\WINDOWS\system32\divx.dll 2006-12-12 18:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll 2006-12-12 18:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll 2006-12-12 18:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll 2006-12-12 18:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll 2006-12-12 18:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll 2006-12-12 18:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll 2006-12-12 18:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2006-12-12 18:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll 2006-12-12 18:24 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe 2006-12-10 22:14 -------- d-------- C:\Program Files\msn messenger 2006-12-10 22:14 -------- d-------- C:\Program Files\messenger plus! 
live 2006-12-07 07:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-12-02 14:57 -------- d-------- C:\Program Files\netbeans-5.5 2006-12-02 14:57 -------- d-------- C:\Program Files\java 2006-12-02 14:54 -------- d-------- C:\Program Files\Common Files\installshield 2006-11-30 18:32 -------- d-------- C:\Program Files\real 2006-11-30 16:55 -------- d-------- C:\Program Files\avisynth 2.5 2006-11-30 16:54 -------- d-------- C:\Program Files\erightsoft 2006-11-28 18:46 -------- d-------- C:\Program Files\flvplayer 2006-11-28 18:15 737280 --a------ C:\WINDOWS\iun6002.exe 2006-11-27 22:09 -------- d-------- C:\Program Files\apple software update 2006-11-27 21:54 -------- d-------- C:\Program Files\windows live safety center 2006-11-27 20:13 -------- d-------- C:\Program Files\msi 2006-11-27 10:45 60416 --------- C:\WINDOWS\system32\tzchange.exe 2006-11-26 00:53 -------- d-------- C:\Program Files\quicktime 2006-11-26 00:53 -------- d-------- C:\DOCUME~1\Miika\Application Data\apple computer 2006-11-26 00:38 -------- d-------- C:\DOCUME~1\Miika\Application Data\macromedia 2006-11-25 13:18 -------- d-------- C:\Program Files\xvid 2006-11-22 17:25 -------- d-------- C:\Program Files\winlame 2006-11-21 22:07 -------- d-------- C:\DOCUME~1\Miika\Application Data\nokia multimedia player 2006-11-21 22:02 -------- d-------- C:\DOCUME~1\Miika\Application Data\pc suite 2006-11-21 22:01 -------- d-------- C:\Program Files\nokia 2006-11-21 22:01 -------- d-------- C:\Program Files\Common Files\pcsuite 2006-11-21 22:01 -------- d-------- C:\Program Files\Common Files\nokia 2006-11-21 19:05 -------- d-------- C:\Program Files\toniarts 2006-11-21 18:52 421888 --a------ C:\Program Files\putty058.exe 2006-11-20 16:56 -------- d-------- C:\DOCUME~1\Miika\Application Data\help 2006-11-20 10:51 -------- d-------- C:\Program Files\casio 2006-11-20 10:49 -------- d-------- C:\DOCUME~1\Miika\Application Data\adobeum 2006-11-19 19:42 35836 --a------ C:\DOCUME~1\Miika\Application 
Data\patchupdate_hp_counterreport_update_hpsu.log 2006-11-19 19:42 2080 --a------ C:\DOCUME~1\Miika\Application Data\hpsu_48bitscanupdate.log 2006-11-19 19:40 3623 --a------ C:\DOCUME~1\Miika\Application Data\patchupdate_izclosingdiscerror.log 2006-11-19 19:40 354 --a------ C:\DOCUME~1\Miika\Application Data\helpfilesupdatepatch_printhelpwrapper.log 2006-11-19 19:40 2854 --a------ C:\DOCUME~1\Miika\Application Data\patchupdate_instantsharejpg.log 2006-11-19 19:40 0 --a------ C:\DOCUME~1\Miika\Application Data\helpfilesupdatepatch_helpfilereplace.log 2006-11-19 19:39 341852 --a------ C:\DOCUME~1\Miika\Application Data\update_hp_redboxhprblog_hpsu.log 2006-11-19 19:38 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll 2006-11-19 18:57 -------- d-------- C:\DOCUME~1\Miika\Application Data\lavasoft 2006-11-19 13:15 -------- d-------- C:\DOCUME~1\Miika\Application Data\adobe 2006-11-19 13:02 21848 --a------ C:\DOCUME~1\Miika\Application Data\gdipfontcachev1.dat 2006-11-18 20:26 1410680 --a------ C:\Program Files\install_flash_player.exe 2006-11-18 19:12 -------- d-------- C:\Program Files\msxml 4.0 2006-11-18 17:36 -------- d-------- C:\DOCUME~1\Miika\Application Data\hp 2006-11-18 17:26 -------- d-------- C:\Program Files\Common Files\sonic shared 2006-11-18 17:25 -------- d-------- C:\Program Files\Common Files\hp 2006-11-18 17:24 -------- d-------- C:\Program Files\hp 2006-11-18 17:24 -------- d-------- C:\Program Files\hewlett-packard 2006-11-18 17:22 -------- d-------- C:\Program Files\Common Files\hewlett-packard 2006-11-18 16:45 -------- d-------- C:\DOCUME~1\Miika\Application Data\f-secure 2006-11-18 15:53 -------- d-------- C:\Program Files\baana tietoturva 2006-11-18 15:52 -------- d-------- C:\DOCUME~1\Miika\Application Data\pex 2006-11-18 15:19 -------- d-------- C:\DOCUME~1\Miika\Application Data\ispnews 2006-11-18 15:07 118842 -r------- C:\WINDOWS\bwunin-6.3.2.116-9683872l.exe 2006-11-16 19:47 524288 --a------ C:\WINDOWS\opuc.dll 2006-11-08 07:06 679424 
--a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll 2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll 2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll 2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll 2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-11-03 21:29 865 --a------ C:\DOCUME~1\Miika\Application Data\adobedlm.log 2006-11-03 21:29 0 --a------ C:\DOCUME~1\Miika\Application Data\dm.ini 2006-11-03 20:57 49080 --a------ C:\WINDOWS\system32\pdf995mon.dll 2006-11-03 20:57 143432 --a------ C:\WINDOWS\system32\pdfmona.dll 2006-11-03 02:29 62 --ahs---- C:\DOCUME~1\Miika\Application Data\desktop.ini 2006-11-02 20:27 60416 --a------ C:\WINDOWS\alcfdrtm.exe 2006-11-02 19:39 0 -rahs---- C:\MSDOS.SYS 2006-11-02 19:39 0 -rahs---- C:\IO.SYS 2006-11-02 19:39 0 --a------ C:\CONFIG.SYS 2006-11-02 19:39 0 --------- C:\AUTOEXEC.BAT 2006-11-01 14:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2006-11-01 14:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll 2006-10-20 03:39 713728 --a------ 
C:\WINDOWS\system32\sxs.dll 2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll 2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll 2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe 2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll 2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll 2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll 2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll 2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe 2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll 2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll 2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe 2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll 2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "PowerBar"="" "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMan"="SOUNDMAN.EXE" "NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="\"nwiz.exe\" /install" "NvMediaCenter"="\"RunDLL32.exe\" NvMCTray.dll,NvTaskbarInit" "RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\"" "InCD"="\"C:\\Program Files\\Ahead\\InCD\\InCD.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "F-Secure Manager"="\"C:\\Program Files\\BAANA TIETOTURVA\\Common\\FSM32.EXE\" /splash" "F-Secure TNB"="\"C:\\Program Files\\BAANA TIETOTURVA\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW" "F-Secure Startup 
Wizard"="\"C:\\Program Files\\BAANA TIETOTURVA\\FSGUI\\FSSW.EXE\" /reboot" "News Service"="\"C:\\Program Files\\BAANA TIETOTURVA\\FSGUI\\ispnews.exe\"" "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\"" "BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent" "DataLayer"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE" "PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Dit"="Dit.exe" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ 
DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 bthsvcs REG_MULTI_SZ BthServ\0\0 Usnsvc REG_MULTI_SZ usnsvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{162dcb4f-6ace-11db-999a-806d6172696f}] Shell\AutoRun\command D:\Autorun.exe root.ini Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Scheduled scanning task.job Completion time: 07-01-15 18:53:29 C:\ComboFix2.txt ... 07-01-14 14:38
P.S. CCleaner found quite a lot of stuff...
Here is my HJT log after all these cleanups. Is there anything left in it that needs cleaning, or did I get my computer cleaned up?
Logfile of HijackThis v1.99.1 Scan saved at 18:51:24, on 17.1.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\BAANA TIETOTURVA\Common\FSM32.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\WINDOWS\Dit.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\DitExp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\BAANAT~1\backweb\9683872\Program\SERVIC~1.EXE C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\bin\btwdins.exe C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsgk32st.exe C:\Program Files\BAANA TIETOTURVA\backweb\9683872\program\fsbwsys.exe C:\Program Files\BAANA TIETOTURVA\Anti-Virus\FSGK32.EXE C:\Program Files\BAANA TIETOTURVA\Common\FSMA32.EXE C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fssm32.exe C:\Program Files\Common 
Files\LightScribe\LSSrvc.exe C:\Program Files\BAANA TIETOTURVA\Common\FSMB32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\BAANA TIETOTURVA\backweb\9683872\Program\OPOY-Tietoturva.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\BAANA TIETOTURVA\Common\FCH32.EXE C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\BAANA TIETOTURVA\Common\FAMEH32.EXE C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsqh.exe C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsrw.exe C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsav32.exe C:\Program Files\BAANA TIETOTURVA\FWES\Program\fsdfwd.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\PROGRA~1\BAANAT~1\ANTI-S~1\fsaw.exe C:\Program Files\BAANA TIETOTURVA\FSGUI\fsguidll.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Miika\Omat tiedostot\oma kansio\HijackThis_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] 
"RunDLL32.exe" NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\BAANA TIETOTURVA\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\BAANA TIETOTURVA\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\BAANA TIETOTURVA\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\BAANA TIETOTURVA\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BAANA TIETOTURVA.lnk = C:\Program Files\BAANA TIETOTURVA\backweb\9683872\Program\OPOY-Tietoturva.exe O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... 
- {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\ieshield.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://miikapaka.spaces.live.com//PhotoUpload/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8F04B2B5-B5A1-4040-81F2-D675457CEE06}: NameServer = 213.139.190.3 212.50.131.153 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BAANA TIETOTURVA (BackWeb Plug-in - 9683872) - BackWeb Technologies Inc. - C:\PROGRA~1\BAANAT~1\backweb\9683872\Program\SERVIC~1.EXE O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\bin\btwdins.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\BAANA TIETOTURVA\backweb\9683872\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Well, if nobody feels like looking at my log any more, many thanks to hujo for the advice. I'd still like to ask one thing, though: is it worth keeping the cleaning programs I downloaded following these instructions on the computer, or should I remove them? I would be grateful for this information as well.