Poistiko AVG väärän tiedoston?

Tontttu · Jan 20, 2008

Moikka!

AVG poisti mulla eilen tiedoston "C:\windows\system32\scvhost.exe". Nyt aina koneen käynnistyessä tulee 5 ilmoitusta, että tiedoston avaaminen ei onnistunut, haluatko etsiä tiedoston pläpläpläp. Kone käynnistyy myös hitaammin, ohjelmat ei meinaa aueta ihan heti... Mitä teen?

tomato71 · Jan 20, 2008

ei ole turha jos olet kirjoittanut oikeen,tuo pitäis olla W32/Agobot-S virus
onko kyseessä scvhost.exe vai svchost.exe

tomato71 · Jan 20, 2008

tupla

Tontttu · Jan 20, 2008

On just nii, miten kirjotinkin eli scvhost.exe. Joo, jostain luinkin että toi on virus, mutta miks niitä ilmotuksia tulee koneen käynnistyessä? Mitä pitäis tehä?

tomato71 · Jan 20, 2008

lataa ja aja
http://www.f-secure.com/tools/f-agobot.exe

lue ensin ohjeet
http://www.f-secure.com/tools/f-agobot.txt

sen jälkeen

Lataa tästä HJTInstall.exe
*Tallenna HJTInstall.exe työpöydällesi.
*Tuplaklikkaa HJTInstall.exe-kuvaketta työpöydälläsi.
*Oletuksena se asentaa itsensä hakemistoon C:\Program Files\Trend Micro\HijackThis.
*Klikkaa Install.
*Asennusohjelma luo HijackThis-kuvakkeen työpöydälle.
*Kun asennus on valmis, se käynnistää HijackThisin.
*Klikkaa Do a system scan and save a logfile-painiketta. Ohjelma aloittaa skannauksen ja lokin pitäisi avautua Muistioon.
*Klikkaa ensin "Muokkaa > Valitse kaikki" sitten "Muokkaa > Kopioi" kopioidaksesi koko lokin sisällön.
*Liitä lokin sisältö seuraavaan vastaukseesi.
*ÄLÄ käytä Analyse This-nappulaa, sen löydöt ovat vaarallisia väärinymmärrettyinä.
*ÄLÄ fixaa HijackThis-ohjelmalla vielä mitään. Suurin osa sen löydöistä ovat joko harmittomia tai jopa tarpeellisia.

ja

1. Lataa combofix.exe työpöydällesi mistä tahansa alla olevasta linkistä:
Linkki 1
Linkki 2
Linkki 3

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

lähetä hjt-loki mikä on otettu combofixin ajon jälkeen + combofixin loki

Tontttu · Jan 20, 2008

"f-agobot.exe on havainnut virheen, ja tuote on suljettava. Paoittelemme häiriötä." Toi tulee aina...

Noo, tässä kuitenkin logit:

ComboFix:

ComboFix 08-01-20.1 - Tontttu 2008-01-20 13:37:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.369 [GMT 2:00]
Running from: C:\Documents and Settings\Tontttu\Ty”p”yt„\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-12-20 to 2008-01-20 )))))))))))))))))
.

2008-01-20 13:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 12:01 . 2008-01-20 12:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-20 11:54 . 2008-01-20 11:54 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-20 11:51 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-01-20 01:23 . 2008-01-20 01:23 <KANSIO> d-------- C:\Program Files\ATI
2008-01-20 01:15 . 2008-01-20 01:15 <KANSIO> d-------- C:\ATI
2008-01-19 19:31 . 2008-01-19 19:31 <KANSIO> d-------- C:\Program Files\Common Files\Thraex Software
2008-01-19 17:35 . 2008-01-20 12:04 <KANSIO> d-------- C:\PacSteam
2008-01-19 13:15 . 2008-01-19 13:15 512 --a------ C:\ScanSectorLog.dat
2008-01-18 23:53 . 2008-01-20 13:00 805 --a------ C:\rollback.ini
2008-01-18 23:34 . 2008-01-18 23:34 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\MailFrontier
2008-01-18 23:31 . 2008-01-20 13:40 7,383,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-18 23:31 . 2008-01-20 13:40 210,720 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-18 23:31 . 2008-01-20 11:53 100,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-18 23:31 . 2008-01-20 11:53 20,396 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-18 23:24 . 2008-01-20 13:23 <KANSIO> d-------- C:\WINDOWS\Internet Logs
2008-01-18 21:11 . 2008-01-20 08:00 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\AVG7
2008-01-18 21:11 . 2008-01-18 21:11 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-18 21:11 . 2008-01-18 21:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-18 21:11 . 2008-01-18 21:13 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-18 21:01 . 2008-01-18 23:29 42,888 --a------ C:\WINDOWS\system32\ckl009.dat
2008-01-18 20:59 . 2008-01-18 23:30 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-18 14:23 . 2008-01-18 14:23 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\Locktime
2008-01-18 14:22 . 2008-01-18 14:23 <KANSIO> d-------- C:\Program Files\NetLimiter 2 Pro
2008-01-18 14:22 . 2008-01-18 14:22 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-01-17 23:49 . 2008-01-17 23:49 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-01-16 18:52 . 2008-01-16 18:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 18:52 . 2008-01-16 18:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 18:48 . 2008-01-16 18:48 <KANSIO> d-------- C:\Program Files\Samsung Network Printer Utilities
2008-01-16 18:47 . 2008-01-16 18:47 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\SmarThru4
2008-01-16 18:46 . 2008-01-16 18:47 <KANSIO> d-------- C:\Program Files\SmarThru 4
2008-01-16 18:46 . 2008-01-16 18:46 <KANSIO> d-------- C:\Program Files\Readiris10
2008-01-16 18:46 . 2008-01-16 18:46 <KANSIO> d-------- C:\Program Files\Common Files\SRC Shared
2008-01-16 18:45 . 2008-01-16 18:45 <KANSIO> d-------- C:\WINDOWS\Samsung
2008-01-16 18:45 . 2007-03-15 12:07 458,752 --a------ C:\WINDOWS\ssndii.exe
2008-01-16 18:45 . 2007-01-12 11:49 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-01-16 18:45 . 2007-01-12 11:49 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-01-16 18:45 . 2007-01-12 11:49 21,776 --a------ C:\WINDOWS\system32\msxml2a.dll
2008-01-16 18:44 . 2007-01-26 10:03 151,552 --a------ C:\WINDOWS\system32\cx21sci.exe
2008-01-16 18:44 . 2007-01-26 10:03 65,536 --a------ C:\WINDOWS\system32\cx21sci.dll
2008-01-16 18:44 . 2007-01-26 10:03 22,723 --a------ C:\WINDOWS\system32\cx21sl3.dll
2008-01-16 18:44 . 2007-01-17 11:23 11,502 --------- C:\WINDOWS\Dr. Printer Icon.ico
2008-01-16 18:44 . 2007-01-26 10:03 361 --a------ C:\WINDOWS\system32\cx21sl3.smt
2008-01-16 18:43 . 2008-01-16 18:45 <KANSIO> d-------- C:\Program Files\Samsung
2008-01-16 17:46 . 2008-01-16 17:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-15 23:24 . 2008-01-15 23:24 <KANSIO> d-------- C:\Program Files\Rainlendar2
2008-01-15 23:24 . 2008-01-20 12:01 <KANSIO> d-------- C:\Documents and Settings\Tontttu\.rainlendar2
2008-01-15 22:35 . 2008-01-15 22:35 <KANSIO> d-------- C:\Program Files\Sidebar
2008-01-15 22:23 . 2008-01-15 22:31 <KANSIO> d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-01-15 20:30 . 2008-01-15 20:30 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-01-15 20:29 . 2008-01-15 20:32 <KANSIO> d-------- C:\Program Files\Canon
2008-01-15 20:22 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-15 20:22 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-15 20:22 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-15 20:22 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-14 23:29 . 2008-01-14 23:29 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2008-01-14 23:29 . 2008-01-14 23:29 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2008-01-14 23:20 . 2008-01-14 23:20 <KANSIO> d-------- C:\Program Files\Nokia
2008-01-14 23:14 . 2008-01-14 23:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-01-12 16:13 . 2008-01-12 16:13 15,832 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-12 14:57 . 2008-01-12 14:57 <KANSIO> d-------- C:\WINDOWS\Sun
2008-01-12 00:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-12 00:28 . 2008-01-12 00:29 <KANSIO> d-------- C:\Program Files\Java
2008-01-12 00:25 . 2008-01-12 00:25 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-01-11 17:37 . 2008-01-11 17:37 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-01-11 15:51 . 2008-01-20 11:15 <KANSIO> d-------- C:\Program Files\mIRC63
2008-01-11 14:44 . 2008-01-18 21:43 <KANSIO> d-------- C:\WINDOWS\system32\msview
2008-01-11 14:10 . 2008-01-11 14:10 <KANSIO> d-------- C:\Program Files\SmartFTP Client
2008-01-11 14:10 . 2008-01-11 14:10 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\SmartFTP
2008-01-11 14:09 . 2008-01-11 14:09 <KANSIO> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-01-10 23:44 . 2008-01-10 23:44 <KANSIO> d-------- C:\Program Files\Google
2008-01-10 19:15 . 2008-01-10 19:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-10 19:09 . 2008-01-10 19:09 <KANSIO> d-------- C:\Program Files\Bonjour
2008-01-10 18:59 . 2008-01-10 18:59 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-09 22:20 . 2008-01-09 22:20 <KANSIO> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-09 22:20 . 2008-01-09 22:20 391 --a------ C:\WINDOWS\ODBC.INI
2008-01-09 22:19 . 2008-01-09 22:20 <KANSIO> d-------- C:\WINDOWS\ShellNew
2008-01-09 22:16 . 2008-01-09 22:16 <KANSIO> d-------- C:\Program Files\PowerISO
2008-01-09 21:34 . 2008-01-09 21:34 <KANSIO> d-------- C:\Program Files\Webteh
2008-01-08 23:12 . 2008-01-08 23:12 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\Apple Computer
2008-01-08 23:10 . 2008-01-08 23:11 <KANSIO> d-------- C:\Program Files\QuickTime
2008-01-08 23:10 . 2008-01-08 23:10 <KANSIO> d-------- C:\Program Files\Apple Software Update
2008-01-08 23:10 . 2008-01-08 23:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-08 23:10 . 2008-01-08 23:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-08 22:23 . 2008-01-19 23:21 <KANSIO> d-------- C:\Program Files\Total Video Converter
2008-01-08 22:23 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-01-07 21:52 . 2008-01-07 21:52 19 --a------ C:\WINDOWS\SoundConverter.INI
2008-01-07 21:41 . 2008-01-07 21:44 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Phone Browser
2008-01-07 20:41 . 2008-01-14 23:20 <KANSIO> d-------- C:\Program Files\DIFX
2008-01-07 20:41 . 2008-01-07 22:01 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\Nokia
2008-01-07 20:41 . 2008-01-07 20:41 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-07 20:40 . 2008-01-07 20:40 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2008-01-07 20:40 . 2008-01-07 21:52 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\PC Suite
2008-01-07 20:40 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-07 20:40 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-01-07 20:40 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-01-07 20:40 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-01-07 20:40 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-01-07 20:32 . 2008-01-07 20:45 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-01-07 18:21 . 2008-01-07 18:21 <KANSIO> d-------- C:\Program Files\Lonely Cat Games

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 09:56 138,240 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-20 09:56 1,784,832 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-20 09:53 2,947,584 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-18 21:27 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB109.tmp
2008-01-18 21:25 9,216 ----a-w C:\WINDOWS\Internet Logs\xDB107.tmp
2008-01-18 21:25 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB105.tmp
2008-01-18 21:25 10,752 ----a-w C:\WINDOWS\Internet Logs\xDB108.tmp
2008-01-18 21:25 1,184,768 ----a-w C:\WINDOWS\Internet Logs\xDB106.tmp
2008-01-06 12:03 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-06 08:54 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-06 08:49 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-06 08:48 --------- d-----w C:\Program Files\Windows Journal Viewer
2008-01-06 08:48 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-12-24 11:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 00:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 21:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 21:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-07 09:28 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-22 01:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 01:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-20 04:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 12:23 1365504]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-12-07 17:03 1913656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-18 21:11 579072]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 14:29 919280]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 18:38 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Generic Host Process"="C:\WINDOWS\system32\scvhost.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 15:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-18 21:11 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Generic Host Process"= C:\WINDOWS\system32\scvhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-09-23 10:10 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R2 SWAS_Core;SyncThru Web Admin Service;C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe [2007-02-09 19:24]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 13:40:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
.
Completion time: 2008-01-20 13:41:11
.
2008-01-17 21:49:54 --- E O F ---

Click to expand...

********
********
********

HjT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:06, on 20.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKLM\..\Policies\Explorer\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SyncThru Web Admin Service (SWAS_Core) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6412 bytes

Click to expand...

tomato71 · Jan 20, 2008

tämä vielä

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi:
*Käynnistä tietokone
*Kun kuulet koneen piippaavan, paina F8, kuitenkin ennen Windowsin logon esiintuloa
*Seuraavaksi pitäisi ilmestyä valikko
*Valitse valikosta vikasietotila.

* Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio). Työpöydälle ilmestyy sdfix.exe. Tuplakilikkaa sitä, niin tiedosto purkaantuu ja asentaa itsensä siihen levyasemaan, minne on käyttöjärjestelmä on asennettu ja juureen ilmestyy kansio SDFix, ESIM c:\SDFix
* Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
* Paina Y käynnistääksesi skriptin.
* Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
* Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
* Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
* Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
* Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
* Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.

Tontttu · Jan 21, 2008

SDFixin report.txt:

SDFix: Version 1.129

Run by Tontttu on 2008-01-21 at 16:43

Microsoft Windows XP [versio 5.1.2600]

Running From: C:\DOCUME~1\Tontttu\TYPYT~1\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\ckl009.dat - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 17:31:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Määritettyä tiedostoa ei löydy.
scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 6

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Tontttu\TYPYT~1\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 13 Nov 2004 37,376 A..H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"

Finished!

Click to expand...

HjT-logi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38, on 2008-01-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Steam] C:\Documents and Settings\Tontttu\Työpöytä\CS2\Steam.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SyncThru Web Admin Service (SWAS_Core) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5946 bytes

Click to expand...

Tontttu · Jan 21, 2008

No huhhuh, että käynnistyy kone nyt hitaasti. Kaikki menee normaalisti kirjautumiseen asti: sen jälkeen kone menee ihan jumiin, mitään ei saa tehtyä 5-10 minuuttiin. Sen jälkeen käynnistyy autostart-ohjelmat ja sillon alkaa toimia kunnolla. Mitä ihmettä?

Kun sain vihdoin tehtävienhallinnan auki, pääsin kattomaan, mikä vie kaiken prossun. "vsmon.exe" vie tälläkin hetkellä vielä 51%. Käyttäjänimenä SYSTEM, mikä tuo on? Muita systemin prossua vieviä prosesseja on Monitor.exe, ScanningProcess.exe ja Isass.exe. Ite en oo ennen tommosia nähny, mitä noi on?

Kone on uusi, ehkä pari viikkoa käytössä ollut. Vähän myöhään laitoin virustorjunnat, unohtu kokonaan. Prossuna on intel core 2 duo E4600, jos satut sitä johonkin tarviamaan.

tomato71 · Jan 21, 2008

moi
nuo prosessit kuuluu zone alarmiin.onko sinulla käytössä zone alarm pro mikä sisältää virustorjunnan??

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Generic Host Process"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Generic Host Process"=-

Click to expand...

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

* Lataa Dr.Web Cureit työpöydällesi: Dr.Web

Tupla klikkaa drweb-cureit.exe ja anna ohjelman tehdä *muistin- /koneen pikatarkistus.
(tämä on vain lyhyt tarkistus)

Kun tarkistus on valmis, pistä ruksi kohtaan *Complete scan*.

Klikkaa vihreää nuolta Dr.Web:in logon alta ,jotta tarkistus käynnistyy.

Kun tarkistus on loppu. Paina *select all*-nappia. Sen jälkeen paina *move*-nappia.

Kohteet siirtyvät karanteeniin seuraavaan %userprofile%\DoctorWeb\quarantine-hakemistoon.

Avaa Dr.Webin työkalurivistä *file* ja paina *Save report list*

Tallenna raportti työpöydälle.Tallenna se nimellä *DrWeb*.

Sulje Dr.web.

Käynnistä kone uudelleen !!Jotta valitut tiedostot poistetaan/siirretään käynnistyksen yhteydessä, karanteeniin.

Kun olet uudelleen käynnistänyt tietokoneesesi, liitä Dr.Web-lokin, sisältö seuraavaan vastaukseesi.

lähetä combofix.txt-tiedoston + drweb-loki

Tontttu · Jan 22, 2008

Moi
Joo, on mulla se, okei.

Combofix:

ComboFix 08-01-20.1 - Tontttu 2008-01-22 20:11:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.424 [GMT 2:00]
Running from: C:\Documents and Settings\Tontttu\Ty”p”yt„\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tontttu\Ty”p”yt„\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-12-22 to 2008-01-22 )))))))))))))))))
.

2008-01-21 18:41 . 2008-01-22 18:59 <KANSIO> d-------- C:\Program Files\Steam
2008-01-21 16:42 . 2008-01-21 16:42 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-01-20 21:25 . 2008-01-20 21:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-01-20 17:48 . 2008-01-21 18:36 <KANSIO> d-------- C:\Program Files\The All-Seeing Eye
2008-01-20 14:39 . 2008-01-20 14:40 <KANSIO> d-------- C:\Program Files\Winamp
2008-01-20 14:39 . 2008-01-20 14:42 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\Winamp
2008-01-20 13:55 . 2008-01-20 13:55 <KANSIO> d-------- C:\Program Files\Opera
2008-01-20 13:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 12:01 . 2008-01-20 12:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-20 11:54 . 2008-01-20 11:54 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-20 11:51 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-01-20 01:15 . 2008-01-20 01:15 <KANSIO> d-------- C:\ATI
2008-01-19 19:31 . 2008-01-19 19:31 <KANSIO> d-------- C:\Program Files\Common Files\Thraex Software
2008-01-19 17:35 . 2008-01-21 17:49 <KANSIO> d-------- C:\PacSteam
2008-01-19 13:15 . 2008-01-19 13:15 512 --a------ C:\ScanSectorLog.dat
2008-01-18 23:53 . 2008-01-22 20:00 959 --a------ C:\rollback.ini
2008-01-18 23:34 . 2008-01-18 23:34 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\MailFrontier
2008-01-18 23:31 . 2008-01-22 20:15 10,359,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-18 23:31 . 2008-01-21 23:40 266,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-18 23:31 . 2008-01-21 23:40 139,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-18 23:31 . 2008-01-21 23:40 22,988 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-18 23:24 . 2008-01-22 20:05 <KANSIO> d-------- C:\WINDOWS\Internet Logs
2008-01-18 21:11 . 2008-01-22 17:45 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\AVG7
2008-01-18 21:11 . 2008-01-18 21:11 <KANSIO> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-18 21:11 . 2008-01-18 21:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-18 21:11 . 2008-01-18 21:13 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-18 20:59 . 2008-01-18 23:30 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-18 14:23 . 2008-01-18 14:23 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\Locktime
2008-01-18 14:22 . 2008-01-18 14:23 <KANSIO> d-------- C:\Program Files\NetLimiter 2 Pro
2008-01-18 14:22 . 2008-01-18 14:22 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-01-17 23:49 . 2008-01-17 23:49 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-01-16 18:52 . 2008-01-22 20:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 18:52 . 2008-01-16 18:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 18:48 . 2008-01-16 18:48 <KANSIO> d-------- C:\Program Files\Samsung Network Printer Utilities
2008-01-16 18:47 . 2008-01-16 18:47 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\SmarThru4
2008-01-16 18:46 . 2008-01-16 18:47 <KANSIO> d-------- C:\Program Files\SmarThru 4
2008-01-16 18:46 . 2008-01-16 18:46 <KANSIO> d-------- C:\Program Files\Readiris10
2008-01-16 18:46 . 2008-01-16 18:46 <KANSIO> d-------- C:\Program Files\Common Files\SRC Shared
2008-01-16 18:45 . 2008-01-16 18:45 <KANSIO> d-------- C:\WINDOWS\Samsung
2008-01-16 18:45 . 2007-03-15 12:07 458,752 --a------ C:\WINDOWS\ssndii.exe
2008-01-16 18:45 . 2007-01-12 11:49 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-01-16 18:45 . 2007-01-12 11:49 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-01-16 18:45 . 2007-01-12 11:49 21,776 --a------ C:\WINDOWS\system32\msxml2a.dll
2008-01-16 18:44 . 2007-01-26 10:03 151,552 --a------ C:\WINDOWS\system32\cx21sci.exe
2008-01-16 18:44 . 2007-01-26 10:03 65,536 --a------ C:\WINDOWS\system32\cx21sci.dll
2008-01-16 18:44 . 2007-01-26 10:03 22,723 --a------ C:\WINDOWS\system32\cx21sl3.dll
2008-01-16 18:44 . 2007-01-17 11:23 11,502 --------- C:\WINDOWS\Dr. Printer Icon.ico
2008-01-16 18:44 . 2007-01-26 10:03 361 --a------ C:\WINDOWS\system32\cx21sl3.smt
2008-01-16 18:43 . 2008-01-16 18:45 <KANSIO> d-------- C:\Program Files\Samsung
2008-01-16 17:46 . 2008-01-16 17:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-15 23:24 . 2008-01-15 23:24 <KANSIO> d-------- C:\Program Files\Rainlendar2
2008-01-15 23:24 . 2008-01-22 17:44 <KANSIO> d-------- C:\Documents and Settings\Tontttu\.rainlendar2
2008-01-15 22:35 . 2008-01-15 22:35 <KANSIO> d-------- C:\Program Files\Sidebar
2008-01-15 22:23 . 2008-01-15 22:31 <KANSIO> d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-01-15 20:30 . 2008-01-15 20:30 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-01-15 20:29 . 2008-01-15 20:32 <KANSIO> d-------- C:\Program Files\Canon
2008-01-15 20:22 . 2004-09-14 16:11 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-15 20:22 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-15 20:22 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-15 20:22 . 2001-10-05 16:31 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-14 23:29 . 2008-01-14 23:29 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2008-01-14 23:29 . 2008-01-20 21:23 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2008-01-14 23:20 . 2008-01-20 21:23 <KANSIO> d-------- C:\Program Files\Nokia
2008-01-14 23:14 . 2008-01-14 23:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-01-12 16:13 . 2008-01-12 16:13 15,832 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-12 14:57 . 2008-01-12 14:57 <KANSIO> d-------- C:\WINDOWS\Sun
2008-01-12 00:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-12 00:28 . 2008-01-12 00:29 <KANSIO> d-------- C:\Program Files\Java
2008-01-12 00:25 . 2008-01-12 00:25 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-01-11 17:37 . 2008-01-11 17:37 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-01-11 15:51 . 2008-01-20 11:15 <KANSIO> d-------- C:\Program Files\mIRC63
2008-01-11 14:44 . 2008-01-18 21:43 <KANSIO> d-------- C:\WINDOWS\system32\msview
2008-01-11 14:10 . 2008-01-11 14:10 <KANSIO> d-------- C:\Program Files\SmartFTP Client
2008-01-11 14:10 . 2008-01-11 14:10 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\SmartFTP
2008-01-11 14:09 . 2008-01-11 14:09 <KANSIO> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-01-10 23:44 . 2008-01-10 23:44 <KANSIO> d-------- C:\Program Files\Google
2008-01-10 19:15 . 2008-01-10 19:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-10 19:09 . 2008-01-10 19:09 <KANSIO> d-------- C:\Program Files\Bonjour
2008-01-10 18:59 . 2008-01-10 18:59 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-09 22:20 . 2008-01-09 22:20 <KANSIO> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-09 22:20 . 2008-01-09 22:20 391 --a------ C:\WINDOWS\ODBC.INI
2008-01-09 22:19 . 2008-01-09 22:20 <KANSIO> d-------- C:\WINDOWS\ShellNew
2008-01-09 22:16 . 2008-01-09 22:16 <KANSIO> d-------- C:\Program Files\PowerISO
2008-01-09 21:34 . 2008-01-09 21:34 <KANSIO> d-------- C:\Program Files\Webteh
2008-01-08 23:12 . 2008-01-08 23:12 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\Apple Computer
2008-01-08 23:10 . 2008-01-08 23:11 <KANSIO> d-------- C:\Program Files\QuickTime
2008-01-08 23:10 . 2008-01-08 23:10 <KANSIO> d-------- C:\Program Files\Apple Software Update
2008-01-08 23:10 . 2008-01-08 23:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-08 23:10 . 2008-01-08 23:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-08 22:23 . 2008-01-19 23:21 <KANSIO> d-------- C:\Program Files\Total Video Converter
2008-01-08 22:23 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-01-07 21:52 . 2008-01-07 21:52 19 --a------ C:\WINDOWS\SoundConverter.INI
2008-01-07 21:41 . 2008-01-20 14:23 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Phone Browser
2008-01-07 20:41 . 2008-01-14 23:20 <KANSIO> d-------- C:\Program Files\DIFX
2008-01-07 20:41 . 2008-01-20 14:24 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\Nokia
2008-01-07 20:41 . 2008-01-07 20:41 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-07 20:40 . 2008-01-07 20:40 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2008-01-07 20:40 . 2008-01-07 21:52 <KANSIO> d-------- C:\Documents and Settings\Tontttu\Application Data\PC Suite
2008-01-07 20:40 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-01-07 20:40 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 21:40 1,355,776 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-01-21 16:51 2,062,848 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-21 16:51 1,166,336 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-01-21 15:03 31,220,858 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_21_00_06_59_full.dmp.zip
2008-01-21 14:38 2,713,600 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-20 20:01 25,545,751 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_20_12_04_20_full.dmp.zip
2008-01-20 09:56 138,240 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-20 09:56 1,784,832 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-20 09:53 2,947,584 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-18 21:27 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB109.tmp
2008-01-18 21:25 9,216 ----a-w C:\WINDOWS\Internet Logs\xDB107.tmp
2008-01-18 21:25 11,264 ----a-w C:\WINDOWS\Internet Logs\xDB105.tmp
2008-01-18 21:25 10,752 ----a-w C:\WINDOWS\Internet Logs\xDB108.tmp
2008-01-18 21:25 1,184,768 ----a-w C:\WINDOWS\Internet Logs\xDB106.tmp
2008-01-06 12:03 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-06 08:54 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-06 08:49 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-06 08:48 --------- d-----w C:\Program Files\Windows Journal Viewer
2008-01-06 08:48 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-12-24 11:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 00:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 21:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 21:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-07 09:28 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-22 01:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 01:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-20_13.40.44,23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-20 11:36:24 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-22 18:11:19 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-20 11:36:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-22 18:11:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-20 11:36:24 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-22 18:11:19 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-20 11:36:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-22 18:11:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-20 11:36:24 3,366,912 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-22 18:11:19 3,411,968 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-20 11:36:24 217,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-22 18:11:19 221,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-19 05:25:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-21 14:42:33 3,366,912 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-21 14:42:34 221,184 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-19 05:25:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-21 14:42:20 3,366,912 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-21 14:42:20 221,184 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-01-07 18:40:34 3,262 ----a-r C:\WINDOWS\Installer\{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}\ARPPRODUCTICON.exe
+ 2008-01-20 12:10:51 3,262 ----a-r C:\WINDOWS\Installer\{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}\ARPPRODUCTICON.exe
- 2008-01-14 21:29:34 15,086 ----a-r C:\WINDOWS\Installer\{29466F9C-7C6A-419C-B301-F440FAF78760}\ARPPRODUCTICON.exe
+ 2008-01-20 12:11:38 15,086 ----a-r C:\WINDOWS\Installer\{29466F9C-7C6A-419C-B301-F440FAF78760}\ARPPRODUCTICON.exe
+ 2008-01-20 19:24:02 10,134 ----a-r C:\WINDOWS\Installer\{3741689E-584D-40C9-B011-373A0371846D}\ARPPRODUCTICON.exe
+ 2008-01-20 19:24:02 458,752 ----a-r C:\WINDOWS\Installer\{3741689E-584D-40C9-B011-373A0371846D}\NewShortcut16_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2008-01-20 19:24:02 8,854 ----a-r C:\WINDOWS\Installer\{3741689E-584D-40C9-B011-373A0371846D}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
+ 2008-01-20 19:24:02 458,752 ----a-r C:\WINDOWS\Installer\{3741689E-584D-40C9-B011-373A0371846D}\NewShortcut20_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2008-01-20 19:24:02 8,854 ----a-r C:\WINDOWS\Installer\{3741689E-584D-40C9-B011-373A0371846D}\NewShortcut3_0218AAEC43E544B98DA57039780956CE.exe
+ 2008-01-20 19:24:02 8,854 ----a-r C:\WINDOWS\Installer\{3741689E-584D-40C9-B011-373A0371846D}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
- 2008-01-07 18:40:43 10,134 ----a-r C:\WINDOWS\Installer\{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}\ARPPRODUCTICON.exe
+ 2008-01-20 12:11:13 10,134 ----a-r C:\WINDOWS\Installer\{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}\ARPPRODUCTICON.exe
+ 2007-03-07 23:51:00 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2007-03-07 23:51:00 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2007-03-07 23:51:00 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
+ 2007-03-07 23:51:00 547,576 ------w C:\WINDOWS\system32\px.dll
+ 2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll
+ 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxcpya64.exe
+ 2007-03-07 23:51:00 510,712 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2007-03-07 23:51:00 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
+ 2007-03-07 23:51:00 187,128 ------w C:\WINDOWS\system32\pxmas.dll
+ 2007-03-07 23:51:00 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
+ 2007-03-07 23:51:00 379,640 ------w C:\WINDOWS\system32\pxwave.dll
+ 2007-03-07 23:51:00 39,672 ------w C:\WINDOWS\system32\vxblock.dll
- 2008-01-20 10:01:22 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-01-22 15:45:16 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2008-01-20 11:00:46 584,680 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-01-22 18:00:30 45,672 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2008-01-18 21:54:05 7,588,909 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-01-22 15:47:02 7,630,022 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-01-20 19:23:42 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 12:23 1365504]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-18 21:11 579072]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 14:29 919280]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 15:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-18 21:11 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-09-23 10:10 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R2 SWAS_Core;SyncThru Web Admin Service;C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe [2007-02-09 19:24]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 20:15:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
.
Completion time: 2008-01-22 20:16:35
ComboFix2.txt 2008-01-20 11:41:12
.
2008-01-17 21:49:54 --- E O F ---

Click to expand...

Toi toinen ohjelma ei suostu pysymään mulla auki... "Dr.Web Scanner for Windows on havainnut virheen ja..." Tuo tulee aina, kun koitan avata ohjelman.

tomato71 · Jan 22, 2008

jaahans...

Varmistu ensin, että piilotiedostot on näkyvillä.

Piilotiedostot näkyviin

Mene --> tänne

Kun sivu on latautunut, klikkaa Selaa-nappulaa ja etsi seuraava tiedosto ja paina Submit.Huom!! 1 tiedosto kerralla

C:\WINDOWS\Internet Logs\xDB7.tmp
C:\WINDOWS\system32\cx21sci.exe

Lähetä skannin tulokset seuraavassa viestissäsi.

Jos Jotti on ruuhkainen, yritä samaa Virustotalissa: http://www.virustotal.com/flash/index_en.html

sitten tällä..

Tarkista koneesi F-Securen online skannerilla

Huom, skanneri toimii vain Internet Explorer selaimella

* Lue sivun ohjeet huolella läpi
* Klikkaa Start scanning
* Mikäli saat Internet Explorer -suojausvaroituksen, klikkaa Asenna
* Klikkaa Accept
* Klikkaa Custom Scan
* Säädä asetukset seuraavasti

o "Virus Scan Option" kohdasta valitse Scan whole system
o "Other Scan Option" kohdasta valitse Scan All Files
o Valitse Scan whole system for rootkits
o Valitse Scan whole system for spyware
o Laita ruksi kohtaan Scan inside archives
o Varmista että Use advanced heuristics on valittuna

* Klikkaa Start
* Skannaus käynnistyy kun tarvittavat tiedostot/päivitykset on ladattu
* Odota kärsivällisesti
* Kun sakannaus on suoritettu, klikkaa Automatic cleaning
* Klikkaa Show Report
* Raportti aukeaa selaimessa, kopioi teksti kokonaan
* Liitä kopioitu teksti esim. muistioon tai Wordiin ja tallenna työpöydälle
* Voit sulkea skannerin
* Lähetä raportti viestiketjuusi

Tontttu · Jan 23, 2008

Kummastakaan tiedostosta ei löytyny mitään.

F-securen raportti:

Scanning Report
Tuesday, January 22, 2008 22:41:53 - 01:09:15

Computer name: TONI
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 8 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System
* System
* System
* System
* System
* System

Win32.Backdoor.CiaDoor (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 385191
* System: 4845
* Not scanned: 43

Actions:

* Disinfected: 2
* Renamed: 0
* Deleted: 0
* None: 6
* Submitted: 0

Files not scanned:

* ?%Xx?AGEFILE.SYS C:\WINDOWS\TEMP\ZLT0302B.TMP
* C:\WINDOWS\SYSTEM32\BIOS1.ROM
* C:\WINDOWS\SYSTEM32\DRIVERS\FIDBOX.DAT
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* C:\PROGRAM FILES\TOTAL VIDEO CONVERTER\STARBURN_SUPERVIDEOCD.ISO
* C:\PROGRAM FILES\TOTAL VIDEO CONVERTER\STARBURN_VIDEOCD.ISO
* C:\PROGRAM FILES\THOOSJE SIDEBAR V2.3\APPDATA\{CF803823-A125-480C-9B0B-B7EED5FD98C2}.DXSTAT
* C:\Program Files\Common Files\Adobe\Installers\Adobe Photoshop CS3 10.0.log.gz\Adobe Photoshop CS3 10.0.log
* C:\Program Files\Common Files\Adobe\Installers\Adobe Photoshop CS3 10.log.gz\Adobe Photoshop CS3 10.log
* C:\DOWNLOADS\INTO THE WILD PROPER CAM VCD-TWIST. RAR.BC!
* C:\DOWNLOADS\THE.DEPARTED.TELESYNC.XVID-RPT\THE.DEPARTED.TELESYNC.XVID-RPT.CD1.AVI.BC!
* C:\DOWNLOADS\THE.DEPARTED.TELESYNC.XVID-RPT\THE.DEPARTED.TELESYNC.XVID-RPT.CD2.AVI.BC!
* C:\DOCUMENTS AND SETTINGS\TONTTTU\NTUSER.DAT
* C:\Documents and Settings\Tontttu\Ty?p?yt?\R?pellykset\K?nnykk?\K?nnyCD\Ultra\ultimate Nokia collection 6230 etc, wallpapers, ringtones, alers, themes witout password\nokia\[Nokia Games] Zipped.rar\[Nokia Games] Zipped\2004 Real Football-Game For Nokia Phone 6230 & More-Serie 40-Jad & Jar-n6230.rar\2004_Real_Football-N6230\2004_Real_Football-N6230.jad
* C:\Documents and Settings\Tontttu\Ty?p?yt?\R?pellykset\K?nnykk?\K?nnyCD\Ultra\ultimate Nokia collection 6230 etc, wallpapers, ringtones, alers, themes witout password\nokia\[Nokia Games] Zipped\2004RE~1.RAR\2004_Real_Football-N6230\2004_Real_Football-N6230.jad
* C:\Documents and Settings\Tontttu\Ty?p?yt?\R?pellykset\K?nnykk?\K?nnyCD\Games\s40game\4810~1.JAR\1
* C:\Documents and Settings\Tontttu\Ty?p?yt?\R?pellykset\K?nnykk?\K?nnyCD\Games\s40game\JungleCommando.jar\1
* tutorialpipe.txt
* C:\DOCUMENTS AND SETTINGS\TONTTTU\TY?P?YT?\R?PELLYKSET\K?NNYKK?\K?NNYCD\CELL PHONE STUFF\GAMES\SPORTS\MáSOLAT - CBVOLLEYBALL.JAR
* C:\DOCUMENTS AND SETTINGS\TONTTTU\TY?P?YT?\R?PELLYKSET\APPLICATION DATA\MOZILLACONTROL\PROFILES\MOZILLACONTROL\J6PF0ZQ4.SLT\CACHE\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\TONTTTU\TY?P?YT?\R?PELLYKSET\APPLICATION DATA\MOZILLACONTROL\PROFILES\MOZILLACONTROL\J6PF0ZQ4.SLT\CACHE\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\TONTTTU\TY?P?YT?\R?PELLYKSET\APPLICATION DATA\MOZILLACONTROL\PROFILES\MOZILLACONTROL\J6PF0ZQ4.SLT\CACHE\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\TONTTTU\OMAT TIEDOSTOT\CASIO\FA-124\DEFAULT.G1S
* C:\DOCUMENTS AND SETTINGS\TONTTTU\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_910.DAT
* C:\DOCUMENTS AND SETTINGS\TONTTTU\LOCAL SETTINGS\TEMP\~DFA0FD.TMP
* C:\DOCUMENTS AND SETTINGS\TONTTTU\LOCAL SETTINGS\TEMP\RARSFX0\DWEBLLIO.DLL
* C:\DOCUMENTS AND SETTINGS\TONTTTU\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\TONTTTU\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\TONI@ARKKU.NET\SHARINGMETADATA\PENDING.DAT
* C:\DOCUMENTS AND SETTINGS\TONTTTU\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\TONI@ARKKU.NET\SHARINGMETADATA\WORKING\DATABASE_54E4_1F74_E41F_5816\DFSR.DB
* C:\DOCUMENTS AND SETTINGS\TONTTTU\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\TONI@ARKKU.NET\SHARINGMETADATA\WORKING\DATABASE_54E4_1F74_E41F_5816\FSR.LOG
* C:\DOCUMENTS AND SETTINGS\TONTTTU\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\TONI@ARKKU.NET\SHARINGMETADATA\WORKING\DATABASE_54E4_1F74_E41F_5816\FSRTMP.LOG
* C:\DOCUMENTS AND SETTINGS\TONTTTU\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\MESSENGER\TONI@ARKKU.NET\SHARINGMETADATA\WORKING\DATABASE_54E4_1F74_E41F_5816\TMP.EDB
* C:\DOCUMENTS AND SETTINGS\TONTTTU\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8L6LWOWD.DEFAULT\PARENT.LOCK
* C:\DOCUMENTS AND SETTINGS\NETWORKSERV!

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2008-01-22
* F-Secure AVP: 7.0.171, 2008-01-22
* F-Secure Orion: 1.2.37, 2008-01-22
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0619-150-72
* F-Secure Pegasus: 1.19.0, 2008-00-16

Scanning options:

* Scan all files
* Scan inside archives
* Use Advanced heuristics

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

Click to expand...

tomato71 · Jan 24, 2008

Win32.Backdoor.CiaDoor (spyware)

* System (Disinfected)
Click to expand...

pakko saada tietää missä tuo on,f-securen online skanneri ei aina kerro mistä se löysi sen

Skannaa koneesi Kaspersky Online Skannerilla
Käytä Internet Explorer
Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.

Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.

Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.

Klikkaa nyt asetuksia, Scan Settings

Tarkista asetuksista, että seuraavat ovat valittuina:

o Scan using the following Anti-Virus database:

+ Extended (Jos valittavissa, muuten valitse Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Klikkaa OK

Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer

Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.

Klikkaa nyt Save as Text-painiketta.

Tallenna tiedosto työpöydällesi.

Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi

Tontttu · Jan 25, 2008

tomato71 said:

pakko saada tietää missä tuo on,f-securen online skanneri ei aina kerro mistä se löysi sen

Click to expand...

Höh... :S

Tässä kasperskyn raportti: http://www.neitsikka.net/kaspersky.htm

tomato71 · Jan 25, 2008

ok
Kaspersky ei löytäny ku mIRC ja C:\Documents and Settings\Tontttu\Ty�p�yt�\R�pellykset\K�nnykk�\K�nnyCD\Games\New\3\Apps e games\Apps\ActiveViewer\vnc-3.3.7-x86_win32.zip = mikä on not-a-virus:RemoteAdmin.Win32.WinVNC-based.c
ei hätää
laita vielä uusi hjt-loki

Tontttu · Jan 25, 2008

Onko tossa mircissä tosiaan jotain, kun kokoajan joko AVG tai ZoneAlarm itkee siitä? :S

HjT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:31:16, on 26.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
C:\WINDOWS\system32\ZoneLabs\avsys\Monitor.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SyncThru Web Admin Service (SWAS_Core) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6972 bytes

Click to expand...

Kone hidastelee käynnistyessä vieläkin... Parhaimmillaan joutuu pari kertaa käynnistämään uusiks, kun menee ihan kunnolla jumiin eikä tee mitään.

tomato71 · Jan 26, 2008

ok
mikä versio zone alarmist sinulla on,eihän se ole se zone mikä sisältää virustorjunnan ???

putsaa kone

Seuraavaksi poistamme kaikki käytetyt työkalut.

Lataa OTMoveIt ja tallenna se työpöydällesi.

*TuplaklikkaaOTMoveIt.exe.
*Klikkaa CleanUp!.
*Valitse Yes kun kysytään "Begin cleanup Process?".
*Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.
*OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.

HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.

Lataa CCleaner tästä
*Asennuksessa poista merkki/rasti kohdasta "asenna Yahoo! toolbar/työkalupalkki".
*Asennuksen jälkeen aukaise CCleaner.
*Valitse vasemmalta pystyrivistä Options.
*Valitse viereisestä pystyrivistä Settings.
*Language kohtaan valitse Suomi.
Puhdistaja
*Valitse vasemmalta pystyrivistä Puhdistaja.
*Paina alhaalta Tutki.
Nyt CCleaner tutkii, mitä voidaan poistaa (tempit, cookiessit jne.).
*Kun tutkiminen on valmis, paina Aja CCleaner.
Nyt CCleaner poistaa löydetyt tempit, cookiessit jne.
Rekisterin virheiden korjaus
*Valitse vasemmalta pystyrivistä Virheet.
*Paina alhaalta Etsi rekisterin virheitä.
*Kun etsintä on valmis ja olet varma, että haluat korjata ne rivit jotka ovat merkattuja, niin paina Korjaa valitut rekisterin virheet.
*Sinulta kysytään "haluatko varmuuskopioida muutokset rekisteriin", paina Kyllä. Tallenna varmuuskopio vaikka "Omat tiedostot" -kansioon.
*Klikkaa uudesta aukeavasta ikkunasta Korjaa kaikki valitut virheet.
*Saat vielä varmistus kysymyksen, paina Ok.
*Kun virheet on korjattu, paina Sulje.
*Nyt voit suljea CCleanerin painamalla oikealta ylhäältä punaista rastia.

Putsaa järjestelmän palautus:

1. Klikkaa oikealla oma tietokone-kuvaketta (hiiren oikealla napilla)
2. Valitse ominaisuudet (alin vaihtoehto)
3. Valitse järjestelmän palauttaminen välilehti
4. Valitse poista järjestelmän palauttaminen käytöstä (laita ruksi)
5. Paina käytä
6. Paina OK
7. Käynnistä kone uudelleen
8. Palauta asetukset takaisin(ota ruksi pois)

Tontttu · Jan 26, 2008

Moro.
Tämmönen versio mulla on zonealarmista.

Koneen käynnistyessä nykyään mikään ohjelma ei suostu aukemaan, tulee vain virheilmoitus, että polkua ei pystytä määrittämään tai ei ole vaadittavia oikeuksia. Tai jotain sinnepäin. Heti toimii, kun sammuttaa zonealarmin...

tomato71 · Jan 26, 2008

siitä zonesta on tullu aika huono
vaiha palomuuri ja kokeile toimisko paremmin
tästä löytyy vaihtoehtoja
http://www.virustorjunta.net/modules.php?name=Downloads&d_op=viewdownload&cid=7

Log in or Sign up

Poistiko AVG väärän tiedoston?

Tontttu Member

tomato71 Regular member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Tontttu Member

Tontttu Member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Share This Page

Log in or Sign up

Poistiko AVG väärän tiedoston?

Tontttu Member

tomato71 Regular member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Tontttu Member

Tontttu Member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Tontttu Member

tomato71 Regular member

Share This Page

Useful Searches