Hello. So the internet connection keeps cutting out; actually, a few sites open appallingly slowly and some work normally. Every time I open Firefox a popup jumps up. I have cleaned with Advanced SystemCare, Windows Defender and CCleaner, none of which has been much help. If someone wiser could toss me a tip based on this log, I would be very grateful. I am starting to run out of ideas myself.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:20, on 8.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1035&fid=RegXPWizCredOnly
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {184724dc-9f35-4bcf-887b-76f22481f26d} - C:\WINDOWS\system32\jasamohu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [guhedatuwo] Rundll32.exe "C:\WINDOWS\system32\pivetupa.dll",s
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [CPM20ae2761] Rundll32.exe "c:\windows\system32\juguteto.dll",a
O4 - HKLM\..\Run: [239d14fd] rundll32.exe "C:\WINDOWS\system32\ketoyibo.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: c:\windows\system32\fuweyuni.dll c:\windows\system32\pasugusa.dll C:\WINDOWS\system32\nisawoyi.dll c:\windows\system32\newuwiyo.dll c:\windows\system32\yumaluso.dll c:\windows\system32\hofonike.dll c:\windows\system32\juguteto.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\juguteto.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\juguteto.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7354 bytes
There is certainly plenty of junk here!!!

Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the instructions to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
* If an update is found, the program downloads and installs the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is finished, click OK and then Näytä tulokset (Show Results) to see the results.
* Make sure everything is checked and click Poista valitut (Remove Selected).
* After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the contents of the log in your next message + a new HJT log.
Here are the logs after the steps.

Malwarebytes' Anti-Malware 1.37
Tietokantaversio: 2255
Windows 5.1.2600 Service Pack 3

9.6.2009 22:41:59
mbam-log-2009-06-09 (22-41-59).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|F:\|)
Tarkistetut kohteet: 178002
Kulunut aika: 1 hour(s), 5 minute(s), 10 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 6
Saastuneita rekisteriavaimia: 8
Saastuneita rekisteriarvoja: 5
Saastuneita rekisterikohteita: 5
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 42

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
C:\WINDOWS\system32\ketoyibo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nisawoyi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\yumaluso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pivetupa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jasamohu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\juguteto.dll (Trojan.BHO) -> Delete on reboot.

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{184724dc-9f35-4bcf-887b-76f22481f26d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{184724dc-9f35-4bcf-887b-76f22481f26d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{184724dc-9f35-4bcf-887b-76f22481f26d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guhedatuwo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm20ae2761 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\239d14fd (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\nisawoyi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nisawoyi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yumaluso.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\juguteto.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\WINDOWS\system32\pivetupa.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\yumaluso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ketoyibo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jasamohu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nisawoyi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\juguteto.dll (Trojan.BHO) -> Delete on reboot.
c:\WINDOWS\system32\prnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ketisozi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yakituro.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP444\A0044231.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP446\A0044288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP446\A0044289.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP447\A0044397.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP447\A0044398.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044399.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044400.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044401.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044402.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044403.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044404.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044405.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044407.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044408.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044409.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044410.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044411.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP448\A0044413.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ed89c74-d6bb-409a-8c38-e87d24c10102}\RP449\A0044473.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\loganoye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruludoji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yutobayu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jowuhese.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nasikaje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\modigege.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gobewowi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dovipele.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hivofupi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mefupojo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pedanawe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuneyevi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kivigoru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\woyadolu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

And the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:51, on 9.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fi.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1035&fid=RegXPWizCredOnly
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: c:\windows\system32\fuweyuni.dll c:\windows\system32\pasugusa.dll c:\windows\system32\newuwiyo.dll c:\windows\system32\hofonike.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6667 bytes
First of all, reinstall your antivirus => Eset\nod32 Kerio\Personal Firewall
They have dropped out !!!!
-----------------------------------
* The following programs are not necessary at startup (they still work normally).
* Type msconfig into the Run box of the Windows Start menu and press OK.
* Select the Startup tab on the right.
[Advanced SystemCare 3]
* Untick the box next to the program.
* Then select Apply (exit the program).
When the computer restarts, it asks what to do. Accept the new configuration and tick the box in the lower left corner so that it does not ask the same thing every time.
-----------------------------------------------------
Download and run the Norton removal tool: HERE
--------------------------------------------------------------------
1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe
Open Notepad and copy/paste the contents of the Quote: box into it:
Save it as CFScript (in fact ComboFix recognizes it even if the file extension is not .txt).
Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click.)
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.
----------------------------------------------------------------------------
Remove the lines that are still left:
Close the browser and other programs for the duration of the fix (not the antivirus).
Start HijackThis, run Scan, tick the following entries listed in red, and remove them (Fix checked).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: c:\windows\system32\fuweyuni.dll c:\windows\system32\pasugusa.dll c:\windows\system32\newuwiyo.dll c:\windows\system32\hofonike.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Empty the Recycle Bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
Combofix

ComboFix 09-06-11.02 - Suhonen Sami 11.06.2009 22:18.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1033.18.894.574 [GMT 3:00]
Sijainti: c:\documents and settings\Suhonen Sami\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\baguteja.dll
c:\windows\system32\biwofoye.dll
c:\windows\system32\dirupahu.dll
c:\windows\system32\huzitala.dll
c:\windows\system32\likibefi.dll
c:\windows\system32\sowesuno.dll
c:\windows\system32\sujibiwi.dll
c:\windows\system32\wufewoga.dll
c:\windows\system32\vujapede.dll
c:\windows\system32\zayezeru.dll
c:\windows\kb913800.exe
c:\windows\system32\bulisazu.dll
c:\windows\system32\divimuvo.dll
c:\windows\system32\gekoseta.dll
c:\windows\system32\gipidiwu.dll
c:\windows\system32\hisigopi.dll
c:\windows\system32\hofonike.dll
c:\windows\system32\husenafe.dll
c:\windows\system32\kolubagu.dll
c:\windows\system32\liwoduki.dll
c:\windows\system32\navavaze.dll.tmp
c:\windows\system32\nazofafo.dll
c:\windows\system32\nihujoti.dll
c:\windows\system32\ranuvozo.dll
c:\windows\system32\rejipupo.dll
c:\windows\system32\sobamehu.dll
c:\windows\system32\tayesanu.dll.tmp
c:\windows\system32\wogisewo.dll
c:\windows\system32\zayezeru.dll.tmp
c:\windows\system32\zofowoda.dll
c:\windows\system32\zugibiru.dll
D:\Autorun.inf
----- BITS: Mahdollisesti saastuneet sivut -----
hxxp://82.98.231.95
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-05-11 to 2009-06-11 )))))))))))))))))
.
2009-06-11 19:02 . 2009-06-11 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-11 18:51 . 2004-10-15 15:32 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys
2009-06-11 18:51 . 2004-10-15 15:32 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys
2009-06-11 18:51 . 2004-10-15 15:32 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys
2009-06-11 18:51 . 2004-10-15 15:32 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys
2009-06-11 18:51 . 2004-10-15 15:17 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys
2009-06-11 18:51 . 2004-10-15 15:18 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2009-06-11 18:50 . 2004-10-15 15:32 83096 ----a-w- c:\windows\system32\SSSensor.dll
2009-06-11 18:50 . 2009-06-11 18:50 -------- d-----w- c:\program files\Sygate
2009-06-11 18:50 . 2009-06-11 18:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-11 18:34 . 2009-06-11 18:34 -------- d-----w- c:\documents and settings\Suhonen Sami\Application Data\Kerio
2009-06-11 17:44 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-11 17:44 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-11 17:44 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-11 17:43 . 2009-06-11 17:43 -------- d-----w- c:\program files\Avira
2009-06-11 17:43 . 2009-06-11 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-09 18:30 . 2009-06-09 18:30 -------- d-----w- c:\documents and settings\Suhonen Sami\Application Data\Malwarebytes
2009-06-09 18:30 . 2009-05-26 10:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 18:30 . 2009-06-09 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-09 18:30 . 2009-05-26 10:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 18:30 . 2009-06-09 18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 18:30 . 2009-06-08 18:30 -------- d-----w- c:\program files\Trend Micro
2009-06-03 19:26 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-02 19:22 . 2009-06-02 19:22 -------- d-----w- c:\program files\Windows Defender
2009-05-29 18:39 . 2009-05-29 18:39 -------- d-----w- c:\documents and settings\Suhonen Sami\Local Settings\Application Data\Opera
2009-05-22 19:32 . 2009-05-22 19:32 456 ----a-w- c:\windows\system32\drivers\kflgscwo.dat
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 18:43 . 2009-06-11 18:31 11706 ----a-w- c:\windows\system32\drivers\kwflower.log
2009-04-26 13:49 . 2009-04-26 13:49 -------- d-----w- c:\documents and settings\Suhonen Sami\Application Data\IObit
2009-04-26 13:49 . 2009-04-26 13:49 -------- d-----w- c:\program files\IObit
2009-04-09 03:40 . 2009-04-09 03:40 152576 ----a-w- c:\documents and settings\Suhonen Sami\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

And then the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:27, on 11.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Media Player\wmplayer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1035&fid=RegXPWizCredOnly
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 6303 bytes
Dragging the script onto ComboFix did not work, and the log was only half of one ????
Do it again (release, do not click).
Post => C:\comboFix.txt
If the beginning of the Combo log reads like this:
Running from: C:\Documents and Settings\Stuu\Työpöytä\ComboFix.exe
the drag did not work.
A successful log reads like this:
Command switches used :: C:\Documents and Settings\Jessica\Työpöytä\CFScript.txt
Practice, and post the log once it works.
*************************************************************
Is this necessary ???
Code: Your ip: 82.98.231.95 Network Owner: CYBER TECHNOLOGY BVBA SPRL Country: Netherlands City: Null ??? => .
Maybe that Combo run worked this time? With these skills I really cannot do any better.
ComboFix 09-06-11.02 - Suhonen Sami 13.06.2009 7:42.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.358.1033.18.894.568 [GMT 3:00] Sijainti: c:\documents and settings\Suhonen Sami\Desktop\ComboFix.exe Käytetyt komentorivivalitsimet :: c:\documents and settings\Suhonen Sami\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE} FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} FILE :: "c:\windows\system32\fuweyuni.dll" "c:\windows\system32\hofonike.dll" "c:\windows\system32\newuwiyo.dll" "c:\windows\system32\pasugusa.dll" . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Common Files\Symantec Shared c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-05-13 to 2009-06-13 ))))))))))))))))) . 2009-06-11 19:02 . 2009-06-11 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-06-11 18:51 . 2004-10-15 15:32 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys 2009-06-11 18:51 . 2004-10-15 15:32 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys 2009-06-11 18:51 . 2004-10-15 15:32 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys 2009-06-11 18:51 . 2004-10-15 15:32 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys 2009-06-11 18:51 . 2004-10-15 15:17 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys 2009-06-11 18:51 . 2004-10-15 15:18 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys 2009-06-11 18:50 . 2004-10-15 15:32 83096 ----a-w- c:\windows\system32\SSSensor.dll 2009-06-11 18:50 . 2009-06-11 18:50 -------- d-----w- c:\program files\Sygate 2009-06-11 18:50 . 2009-06-11 18:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-11 18:34 . 
2009-06-11 18:34 -------- d-----w- c:\documents and settings\Suhonen Sami\Application Data\Kerio 2009-06-11 17:44 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-11 17:44 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-06-11 17:44 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-06-11 17:43 . 2009-06-11 17:43 -------- d-----w- c:\program files\Avira 2009-06-11 17:43 . 2009-06-11 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-06-09 18:30 . 2009-06-09 18:30 -------- d-----w- c:\documents and settings\Suhonen Sami\Application Data\Malwarebytes 2009-06-09 18:30 . 2009-05-26 10:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-09 18:30 . 2009-06-09 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-09 18:30 . 2009-05-26 10:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-09 18:30 . 2009-06-09 18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-08 18:30 . 2009-06-08 18:30 -------- d-----w- c:\program files\Trend Micro 2009-06-03 19:26 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-06-02 19:22 . 2009-06-02 19:22 -------- d-----w- c:\program files\Windows Defender 2009-05-29 18:39 . 2009-05-29 18:39 -------- d-----w- c:\documents and settings\Suhonen Sami\Local Settings\Application Data\Opera 2009-05-22 19:32 . 2009-05-22 19:32 456 ----a-w- c:\windows\system32\drivers\kflgscwo.dat . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-11 18:43 . 2009-06-11 18:31 11706 ----a-w- c:\windows\system32\drivers\kwflower.log 2009-05-07 15:32 . 2004-08-10 17:00 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:46 . 2006-01-09 18:02 666624 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:46 . 
2004-08-10 17:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-04-26 13:49 . 2009-04-26 13:49 -------- d-----w- c:\documents and settings\Suhonen Sami\Application Data\IObit 2009-04-26 13:49 . 2009-04-26 13:49 -------- d-----w- c:\program files\IObit 2009-04-17 12:26 . 2004-08-10 17:00 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-08-10 17:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-09 03:40 . 2009-04-09 03:40 152576 ----a-w- c:\documents and settings\Suhonen Sami\Application Data\Sun\Java\jre1.6.0_13\lzma.dll . ((((((((((((((((((((((((((((( SnapShot@2009-06-11_19.25.19 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-13 04:10 . 2009-06-13 04:10 16384 c:\windows\Temp\Perflib_Perfdata_bb0.dat + 2009-06-13 04:09 . 2009-06-13 04:09 16384 c:\windows\Temp\Perflib_Perfdata_26c.dat + 2009-06-13 04:09 . 2009-06-13 04:09 16384 c:\windows\Temp\Perflib_Perfdata_110.dat - 2007-03-30 22:33 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll + 2007-03-30 22:33 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll + 2009-06-11 17:44 . 2009-06-13 04:06 28520 c:\windows\system32\drivers\ssmdrv.sys - 2009-02-20 08:10 . 2009-02-20 08:10 81920 c:\windows\system32\dllcache\ieencode.dll + 2009-02-20 08:10 . 2009-04-29 04:46 81920 c:\windows\system32\dllcache\ieencode.dll + 2006-01-09 18:02 . 2009-04-29 04:46 620032 c:\windows\system32\urlmon.dll - 2006-08-21 12:46 . 2009-03-29 07:08 189792 c:\windows\system32\FNTCACHE.DAT + 2006-08-21 12:46 . 2009-06-13 03:59 189792 c:\windows\system32\FNTCACHE.DAT + 2008-04-21 06:44 . 2009-04-29 04:46 666624 c:\windows\system32\dllcache\wininet.dll + 2008-06-26 08:15 . 2009-04-29 04:46 620032 c:\windows\system32\dllcache\urlmon.dll + 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll + 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll + 2006-01-09 18:02 . 2009-04-29 04:46 1499136 c:\windows\system32\shdocvw.dll - 2006-01-09 18:02 . 
2009-03-02 23:04 1499136 c:\windows\system32\shdocvw.dll + 2006-02-01 02:59 . 2009-04-29 04:46 3068928 c:\windows\system32\mshtml.dll + 2008-10-16 19:04 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys - 2008-06-26 08:15 . 2009-03-02 23:04 1499136 c:\windows\system32\dllcache\shdocvw.dll + 2008-06-26 08:15 . 2009-04-29 04:46 1499136 c:\windows\system32\dllcache\shdocvw.dll + 2008-04-21 06:44 . 2009-04-29 04:46 3068928 c:\windows\system32\dllcache\mshtml.dll + 2009-06-12 19:56 . 2009-06-01 06:51 23635392 c:\windows\system32\MRT.exe . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\MSMSGS.EXE"= "c:\\Documents and Settings\\Suhonen Sami\\Desktop\\utorrent.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Documents and 
Settings\\Suhonen Sami\\Application Data\\SopCast\\ADV\\SopAdver.exe"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\TVAnts\\Tvants.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [11.6.2009 20:44 194817] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11.6.2009 20:44 108289] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11.6.2009 20:44 434945] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592] S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?] S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?] S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?] . 'Ajoitetut tehtävät'-kansion sisältö 2009-06-13 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20] . . ------- Täydentävä tarkistus ------- . 
uStart Page = hxxp://fi.intl.acer.yahoo.com/ mStart Page = hxxp://fi.intl.acer.yahoo.com uInternet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1035&fid=RegXPWizCredOnly uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll FF - ProfilePath - . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-13 07:46 Windows 5.1.2600 Service Pack 3 FAT NTAPI tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- Prosesseihin ladatut DLLt --------------------- - - - - - - - > 'winlogon.exe'(648) c:\windows\system32\Ati2evxx.dll . 
Valmistumisajankohta: 2009-06-13 7:48 ComboFix-quarantined-files.txt 2009-06-13 04:48 ComboFix2.txt 2009-06-11 19:28 Ennen ajoa: 38 233 866 240 bytes free Ajon jälkeen: 38 254 280 704 tavua vapaana Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=,1,2,3 163 --- E O F --- 2009-06-12 19:59
And Hijack
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:37:32, on 13.6.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Avira\AntiVir Desktop\avmailc.exe C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search 
Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.intl.acer.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1035&fid=RegXPWizCredOnly R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu 
item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 6307 bytes
I suppose not ?
Yes, it worked this time !!!
******************************************
Type ComboFix.exe /u into the Run box of the Windows Start menu and press OK.
*************************************************************
Start Malwarebytes => Quarantine tab, and empty the junk.
**********************************************************
* The old HOSTS file is removed. Boot the computer into safe mode => GUIDE. Delete this file: C:\WINDOWS\system32\drivers\etc\HOSTS
* Boot your computer into normal mode.
* Download HOSTS: Here, to your Desktop.
* Extract hosts.zip into the C:\WINDOWS\system32\drivers\etc folder.
Finally, you can check that there is a file named HOSTS there, with no file extension. Size approx. 700 kB. The protection takes effect at the next startup (it does not use up memory).
--------------------------------------------------------------
You can run some online scanner if you have the energy to spare.
Many thanks to Kalminen for the instructions. It is noticeably nicer to use the internet when you do not have to down a cup of coffee while pages load.