
Information about these viruses, please.

Discussion in 'Virukset ja haittaohjelmat' started by weirdis, Sep 19, 2005.

  1. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
    Yeah. True, I've been wondering where Toymaatti has been hiding =) Now if the log doesn't come out clean, with both Toymaatti and Kemisti on it, then that's really.......
     
  2. weirdis

    weirdis Member

    Joined:
    Sep 19, 2005
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Here is the report from that ewido scan:
    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 1:35:20, 22.9.2005
    + Report-Checksum: 39CE86C2

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{C398F337-51D5-40C3-AA3B-684E833D8888} -> Spyware.eAcceleration : Cleaned with backup
    HKLM\SOFTWARE\Classes\Tetra.Tetra -> Spyware.eAcceleration : Cleaned with backup
    HKLM\SOFTWARE\Classes\Tetra.Tetra\CLSID -> Spyware.eAcceleration : Cleaned with backup
    HKLM\SOFTWARE\Classes\Tetra.Tetra\CurVer -> Spyware.eAcceleration : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{5FC3BB0F-D421-4587-AA1F-0E27358E0905} -> Spyware.eAcceleration : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
    HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
    HKU\S-1-5-21-1229272821-1343024091-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
    HKU\S-1-5-21-1229272821-1343024091-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Koti\Application Data\Mozilla\Firefox\Profiles\ksljhk5l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Koti\Cookies\koti@microsofteup.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Koti\Cookies\koti@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Koti\Local Settings\Temp\Cookies\koti@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Koti\Local Settings\Temp\Cookies\koti@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Koti\Local Settings\Temp\Temporary Internet Files\Content.IE5\THKYT3CN\pokapoka69[1].exe -> Trojan.EliteBar.c : Cleaned with backup
    C:\Documents and Settings\Koti\Local Settings\Temporary Internet Files\Content.IE5\09OLUJST\pokapoka67[1].exe -> TrojanDownloader.Agent.tv : Cleaned with backup
    C:\temp\WinCtlAdInstPack.exe -> Spyware.WinAD : Cleaned with backup
    C:\WINDOWS\NDNuninstall4_85.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\system32\1.exe -> Spyware.WinAD : Cleaned with backup
    C:\WINDOWS\system32\1xa.exe -> Spyware.WinAD : Cleaned with backup


    ::Report End

    ......I'll look at that Toymaatti thing tomorrow..
     
  3. weirdis

    weirdis Member

    Joined:
    Sep 19, 2005
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    All right!! Now even the HijackThis log looks bright after that tip from Toymaatti.. so here is the log, there shouldn't be anything odd in it?

    Logfile of HijackThis v1.99.1
    Scan saved at 16:51:55, on 22.9.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Hopefully the nasties won't bother me any more now..? :p Thanks to all the helpers!! It's great that there are people like you in the world. :DD
     
  4. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Yep, it's fine. You're welcome :)
     
  5. weirdis

    weirdis Member

    Joined:
    Sep 19, 2005
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Good!! :) Would you have any advice for the future? :) That is, how can I keep the nasties from getting in again in the future?
     
  6. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Take care of virus updates and the firewall, use Firefox as your browser, use anti-spyware programs (Spywareblaster, Ad-aware, Spybot, etc.) and don't visit "shady" sites :)
     
  7. weirdis

    weirdis Member

    Joined:
    Sep 19, 2005
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Okay. Thanks once again for all the help. :D
     
