
Trojan Horse Generic 2. EXO

Discussion in 'Viruses and malware' started by Amao, Nov 7, 2006.

  1. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    The problem isn't at that end. If that doesn't work, then run this:

    Scan your computer with Kaspersky Online Scanner

    * You will be asked whether you allow the installation of an ActiveX component from Kaspersky; click Yes.
    * The program starts and begins downloading the latest definition files.
    * Once the scanner has been installed and the definitions downloaded, click Next.
    * Now click the settings, Scan Settings
    * Check in the settings that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available, otherwise select Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

    * Click OK
    * Now, under the heading "select a target to scan", select My Computer (Oma Tietokone)
    * The scan takes time, so be patient. When the scan is finished, you will be notified if your computer is infected.
    * Now click the Save as Text button.
    * Save the file to your desktop.
    * Copy and paste the contents of the file into your next reply.
     
  2. Amao

    Amao Member

    Joined:
    Nov 7, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    11
    Here they are.

    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    Scan Statistics
    Total number of scanned objects 57134
    Number of viruses found 4
    Number of infected objects 7 / 0
    Number of suspicious objects 0
    Duration of the scan process 02:41:07

    Infected Object Name Virus Name Last Action
    C:\Downloads\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
    C:\Downloads\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
    C:\Downloads\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
    C:\Program Files\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
    C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
    C:\System Volume Information\_restore{AF138A5C-8439-425B-AEC2-5AC8DE86E2FD}\RP377\A0043085.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\System Volume Information\_restore{AF138A5C-8439-425B-AEC2-5AC8DE86E2FD}\RP377\A0043316.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    Scan process completed.



    Logfile of HijackThis v1.99.1
    Scan saved at 19:21:17, on 11.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


     
  3. -kemisti-

    -kemisti- Active member

    There are nasties in System Restore, otherwise OK. Still having problems?
     
  4. Amao

    Amao Member

    So in what way do these nasties then affect System Restore?
    Well, AVG's virus vault has those 5 viruses:
    1. c:\windows\system32\ismini.exe (TH downloader.ZLOB.EUN)
    2. c:\DOCUME~1\Ale\LOCALS~1\Temp\npmflhub.dll (TH Generic2.GGN)
    3. c:\System Volume Information\_restore{AF138.... (same as 1.)
    4. c:\program files\Common Files\{349C09..... (same as 2, except ending in EXO.) filename Activate.exe
    5. Exactly the same as 3, but this one's filename is A0040898.exe and number three's filename is A0042083.exe

    So nothing more needs to be done about these? The computer has now been working fairly normally. A little stuttering, especially with Explorer (though I use Mozilla 99% of the time)
     
  5. -kemisti-

    -kemisti- Active member

    Empty AVG's virus vault

    Clear System Restore:

    1. Select My Computer (right-click).
    2. Select Properties.
    3. Select the System Restore tab.
    4. Select "Turn off System Restore".
    5. Click Apply.
    6. Click OK.
    7. Restart the computer
    8. Do steps 1-3.
    9. Uncheck "Turn off System Restore"
    10. Do steps 5 and 6.

    Update Java.
     
  6. Amao

    Amao Member

    Yep, so I did that. By the way, monitoring of the C drive was already shown as off in the status, if that matters. I just can't run the "heal objects" command, not even in Safe Mode.. so do I use the "wipe objects"/"empty vault" command or the "delete files" command, and remove them from the computer for good?
     
  7. -kemisti-

    -kemisti- Active member

    Preferably Delete files.
     
  8. Amao

    Amao Member

    Yep, so I deleted them all. During the night one more like this had appeared in the vault: C:\Vundofix Backups\vtutr.dll.bad (Trojan Horse Lop.AQ)? Thanks enormously for the help! It's great when a guy bothers to help the clueless!!
     
  9. -kemisti-

    -kemisti- Active member

    It's a backup that VundoFix made of its findings, nothing dangerous.
     
