Log details: how do I remove that system32 error

Discussion in 'Viruses and malware' started by skode81, Mar 26, 2006.

  1. skode81

    skode81 Regular member

    Joined:
    Mar 26, 2006
    Messages:
    110
    Likes Received:
    0
    Trophy Points:
    26
    Scan saved at 17:56:12, on 26.3.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\System32\mgabg.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\System32\PDesk\PDesk.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Documents and Settings\sköde\Työpöytä\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cm
     
  2. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    The log is not complete. Post it again, and this time the whole thing.
     
  3. skode81

    Apparently I managed to mess something up, because when I shut the computer down it wouldn't even go into the BIOS any more...
    This machine got the same thing when I installed the Telewell USB modem driver from the company's website, i.e. the same pop-up keeps appearing all the time and reports a serious system error, and I'm supposed to go to some Microsoft site and pay through the nose for some repair program.
     
  4. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    Yup, it's a scam, since in principle you shouldn't have to pay for anything.
    But I wonder whether it was a hardware fault, or in the software and driver specifically?
     
  5. skode81

    Could someone also explain how to post the log here, really spelled out step by step, so that I don't mess up my other computer too? The same system32 thing is on this machine as well...
     
  6. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
  7. skode81

    Logfile of HijackThis v1.99.1
    Scan saved at 20:25:03, on 23.3.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\tauno eli tane\Työpöytä\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [negro must die] steel.exe
    O4 - HKLM\..\RunServices: [negro must die] steel.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     
  8. skode81

    Could someone check that log... it should be complete now.
     
  9. -kemisti-

    Move HjT into its own folder -> c:\hjt

    Fix with HjT (do a system scan only, tick the entries and press fix checked):

    O4 - HKLM\..\Run: [negro must die] steel.exe
    O4 - HKLM\..\RunServices: [negro must die] steel.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


    Delete if found:

    steel.exe (look for it with the Search function)
    C:\WINDOWS\web\related.htm

    Restart and post a new HjT log.
     
  10. skode81

    Logfile of HijackThis v1.99.1
    Scan saved at 17:57:55, on 4.4.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\hjt\HijackThis.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     
  11. -kemisti-

    The log is clean. Any problems still?
     
  12. skode81

    This computer is pretty slow even though it has 768 of memory and the processor is a 3000+. What could be causing that?
     
  13. blade81

    Could that Google Desktop Search be slowing things down? Anyway, go get the updates for Windows. You can't be reminded of those too often. :)
     
  14. skode81

    F-Secure still seems to be finding those viruses but it doesn't clean them, so what do I do about them?
     
  15. -kemisti-

  16. skode81

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 15:13:11, 5.4.2006
    + Report-Checksum: 2B2F6C01

    + Scan result:

    C:\A.0AT -> Trojan.Zapchast : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.149:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.152:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.153:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.154:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.155:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.169:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.170:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.172:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.174:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.180:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.181:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.192:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.193:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
    :mozilla.203:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
    :mozilla.204:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.205:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.206:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.207:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.209:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.213:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.214:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.215:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.224:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.225:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.234:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.249:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
    :mozilla.250:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
    :mozilla.251:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
    :mozilla.268:C:\Documents and Settings\tauno eli tane\Application Data\Mozilla\Firefox\Profiles\re539h63.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\tauno eli tane\Cookies\tauno eli tane@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\tauno eli tane\Cookies\tauno eli tane@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\WINDOWS\system32\SPREAD.0XE -> Backdoor.Agobot.agw : Cleaned with backup
    C:\WINDOWS\system32\STEEL.0XE -> Backdoor.Rbot : Cleaned with backup
    C:\WINDOWS\system32\STEEL.1XE -> Backdoor.Rbot : Cleaned with backup
    C:\WINDOWS\system32\VMMON32.0XE -> Backdoor.SdBot.aow : Cleaned with backup


    ::Report End
     
  17. -kemisti-

    Yeah, it removed a nice amount. See whether F-Secure still finds anything. If it does, post its findings here.
     
  18. skode81

    * C:\WINDOWS\system32\i Virustartunta: Trojan-Downloader.BAT.Ftp.ab
    * C:\WINDOWS\system32\IEXPLORER.0XE Virustartunta: Backdoor.Win32.Rbot.gen

    * Tiedoston C:\hiberfil.sys avaaminen ei onnistu.
    * Tiedoston C:\pagefile.sys avaaminen ei onnistu.
    * Tiedoston C:\WINDOWS\system32\IEXPLORER.0XE lukeminen ei onnistu. [F-Secure Orion]
    * Tiedoston C:\WINDOWS\system32\config\default avaaminen ei onnistu.
    * Tiedoston C:\WINDOWS\system32\config\SAM avaaminen ei onnistu.
    * Tiedoston C:\WINDOWS\system32\config\SECURITY avaaminen ei onnistu.
    * Tiedoston C:\WINDOWS\system32\config\system avaaminen ei onnistu.
    * Tiedoston C:\WINDOWS\SoftwareDistribution\EventCache\{E31C822B-D5B5-41B6-98E9-B200F42F2D2B}.bin avaaminen ei onnistu.
    * Tiedoston C:\Program Files\F-Secure\Common\policy.ipf avaaminen ei onnistu.
    * Tiedoston C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chandir.dat avaaminen ei onnistu.
    * Tiedoston C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\D0000000.FCS avaaminen ei onnistu.
    * Tiedoston C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\L0000001.FCS avaaminen ei onnistu.
    * Tiedoston C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs.dat avaaminen ei onnistu.
    * Tiedoston C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\storydb.dat avaaminen ei onnistu.
    * Tiedoston C:\Documents and Settings\tauno eli tane\NTUSER.DAT avaaminen ei onnistu.
    * Tiedoston C:\Documents and Settings\tauno eli tane\Local Settings\Temp\Perflib_Perfdata_3ec.dat avaaminen ei onnistu.
    * Tiedoston C:\Documents and Settings\tauno eli tane\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat avaaminen ei onnistu.
    * Tiedoston C:\Documents and Settings\NetworkService\NTUSER.DAT avaaminen ei onnistu.
    * Tiedoston C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat avaaminen ei onnistu.
    * Tiedoston C:\Documents and Settings\LocalService\NTUSER.DAT avaaminen ei onnistu.
    * Tiedoston C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat avaaminen ei onnistu.

     
  19. -kemisti-

    Those errors are perfectly OK and normal.

    Delete these by hand:

    C:\WINDOWS\system32\i
    C:\WINDOWS\system32\IEXPLORER.0XE
     
  20. skode81

    So...
    I run the scan and delete them from that report, or how?
     
