Noniiin. Eli, eilen huomasin koneella seuraavanlaisen ongelman: Tuossa kaverin kanssa kateltiin jotain animepätkiä netistä, niin alkoi yhtäkkiä selaimen sivuja auella itestään.. Mainoksia ym mutta yleisin oli Antivirus360-ikkuna, joka suoritti aina jonkun nettiskannauksen ja valitti niin monesta errorista ym ym.. Nooh, aikani konetta tutkin, enkä löytäny mitään kummosempia. Ajoin HJT lokin joka näytti silloin tältä: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:53:15, on 15.12.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\Domino.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Winamp\winamp.exe C:\HJT\HiJackThis_v2.0.2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0aca4b0c-e0d2-485f-a65a-6c5f88f51ba2} - C:\WINDOWS\system32\wetutibe.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe O4 - HKLM\..\Run: [keyisajedi] Rundll32.exe "C:\WINDOWS\system32\sufogebo.dll",s O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [4c6552f7] rundll32.exe "C:\WINDOWS\system32\vodawoja.dll",b O4 - HKLM\..\Run: [CPM4f56616b] Rundll32.exe "c:\windows\system32\dipitiwo.dll",a O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "e:\valve\steam.exe" -silent O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-19\..\Run: [keyisajedi] Rundll32.exe "C:\WINDOWS\system32\sufogebo.dll",s (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP-leikekirja - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart -valitse - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\zasipubo.dll c:\windows\system32\dipitiwo.dll O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dipitiwo.dll O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dipitiwo.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing) -- End of file - 9607 bytes Muuta en tuosta osannut tehdä, kuin korjasin tuon : O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup Sitten loppu sen antivirus 360- ikkunan ilmestyminen, mutta silti tulee jotain casino-popuppeja ja Personal AntiSpy- scheissee.. Avira Antivirilla skannasin koneen, se löysi muutaman haittakohteen joista toinen oli juurikin tuo SpyNoMore.. Selaimena käytän Mozillaa mutta IE ei päästä välillä myöskään kaikille sivuille. Eli jos tuosta sönkotyksestä jotain selvää saitte niin kiitoksia avusta jo etukäteen.
Lataa Malwarebytes' Anti-Malware työpöydällesi. 1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman. 2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish. 3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version. 4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan. 5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset. 6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected. 7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt 8. Lähetä lokin sisältö seuraavassa viestissäsi ============== 1.Lataa Combofix.exe työpöydällesi yhdestä linkistä: Combofix1 Combofix2 2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia. 3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi. Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
No niin, seuraavaa: Malwarebytes' Anti-Malware 1.31 Tietokantaversio: 1506 Windows 5.1.2600 Service Pack 2 16.12.2008 14:10:38 mbam-log-2008-12-16 (14-10-38).txt Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|) Tarkistetut kohteet: 142359 Kulunut aika: 3 hour(s), 25 minute(s), 5 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 8 Saastuneita rekisteriavaimia: 8 Saastuneita rekisteriarvoja: 6 Saastuneita rekisterikohteita: 7 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 21 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: C:\WINDOWS\system32\yunewoti.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\zeteyiwu.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\yibatowu.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\bodevaze.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\lisuzise.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\nadihozi.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\kuvutivu.dll (Trojan.Vundo) -> Delete on reboot. c:\WINDOWS\system32\dipitiwo.dll (Trojan.Vundo) -> Delete on reboot. Saastuneita rekisteriavaimia: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0aca4b0c-e0d2-485f-a65a-6c5f88f51ba2} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{0aca4b0c-e0d2-485f-a65a-6c5f88f51ba2} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0aca4b0c-e0d2-485f-a65a-6c5f88f51ba2} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. Saastuneita rekisteriarvoja: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4c6552f7 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm4f56616b (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\keyisajedi (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Local Security Authority Service (Backdoor.Bot) -> Quarantined and deleted successfully. Saastuneita rekisterikohteita: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yibatowu.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yibatowu.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yibatowu.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\bodevaze.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\bodevaze.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lisuzise.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\lisuzise.dll -> Quarantined and deleted successfully. Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: C:\WINDOWS\system32\jisujula.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\alujusij.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vodawoja.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ajowadov.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yunewoti.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\itowenuy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zeteyiwu.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\uwiyetez.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. c:\WINDOWS\system32\lisuzise.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\nadihozi.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\hosidini.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\yibatowu.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\bodevaze.dll (Trojan.Vundo.H) -> Delete on reboot. c:\WINDOWS\system32\kuvutivu.dll (Trojan.Vundo) -> Delete on reboot. c:\WINDOWS\system32\dipitiwo.dll (Trojan.Vundo) -> Delete on reboot. C:\Documents and Settings\F4int\Local Settings\Temporary Internet Files\Content.IE5\894XQZWH\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\defufigu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sufogebo.dll.tmp (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\wetutibe.dll.tmp (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\zasipubo.dll.tmp (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\kuhudana.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. Ja Combofixin raportti: ComboFix 08-12-15.04 - F4int 2008-12-16 14:32:13.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1023.520 [GMT 2:00] Sijainti: c:\documents and settings\F4int\Työpöytä\ComboFix.exe VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !! . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\F4int\Local Settings\Temporary Internet Files\tpg.ico c:\documents and settings\J„rjestelm„nvalvoja\Local Settings\Temporary Internet Files\ c:\windows\system32\AutoRun.inf ----- BITS: Mahdollisesti saastuneet sivut ----- hxxp://77.74.48.105 . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-16 to 2008-12-16 ))))))))))))))))) . 2008-12-16 11:18 . 2008-12-16 11:18 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Last.fm 2008-12-16 11:16 . 2008-12-16 11:16 <KANSIO> d-------- c:\program files\Last.fm 2008-12-16 10:41 . 2008-12-16 10:41 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-16 10:41 . 2008-12-16 10:41 <KANSIO> d-------- c:\documents and settings\F4int\Application Data\Malwarebytes 2008-12-16 10:41 . 2008-12-16 10:41 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-16 10:41 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-16 10:41 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-14 21:11 . 2008-12-14 21:11 1,152 --a------ c:\windows\system32\windrv.sys 2008-12-14 21:10 . 2008-12-14 22:23 <KANSIO> d-------- c:\program files\SpyNoMore 2008-12-14 21:10 . 2008-12-14 21:10 <KANSIO> d-------- c:\program files\Common Files\Download Manager 2008-12-06 15:47 . 2008-12-06 15:47 244 --ah----- C:\sqmnoopt19.sqm 2008-12-06 15:47 . 2008-12-06 15:47 232 --ah----- C:\sqmdata19.sqm 2008-12-01 10:13 . 2008-12-01 10:13 <KANSIO> d-------- c:\documents and settings\Vieras\Application Data\PC Suite 2008-11-21 17:26 . 2008-11-21 17:26 <KANSIO> d--h----- c:\windows\system32\GroupPolicy 2008-11-16 21:45 . 2008-11-16 23:19 <KANSIO> d-------- c:\program files\BBViewer 2008-11-16 15:58 . 2001-08-18 06:36 8,704 --a------ c:\windows\system32\kbdjpn.dll 2008-11-16 15:58 . 2001-08-18 06:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll 2008-11-16 15:58 . 2001-08-18 06:36 8,192 --a------ c:\windows\system32\kbdkor.dll 2008-11-16 15:58 . 2001-08-18 06:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll 2008-11-16 15:58 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd106.dll 2008-11-16 15:58 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101c.dll 2008-11-16 15:58 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101b.dll 2008-11-16 15:58 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll 2008-11-16 15:58 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll 2008-11-16 15:58 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll 2008-11-16 15:58 . 2001-08-17 22:55 5,632 --a------ c:\windows\system32\kbd103.dll 2008-11-16 15:58 . 2001-08-17 22:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-15 14:37 --------- d-----w c:\program files\DC++ 2008-11-10 10:53 --------- d-----w c:\documents and settings\F4int\Application Data\BitTorrent 2008-11-03 16:18 --------- d-----w c:\program files\SEGA 2008-11-03 16:17 737,280 ----a-w c:\windows\iun6002.exe 2008-11-02 10:07 --------- d-----w c:\program files\RevConnect 2008-10-25 12:13 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-18 21:55 98,304 ----a-w c:\windows\system32\CmdLineExt.dll 2008-10-17 15:56 --------- d-----w c:\program files\NetLimiter 2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-07-06 11:45 0 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT 2008-06-23 18:56 88 --sh--r c:\windows\system32\06CA4C6D9A.sys 2008-06-23 18:57 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "Steam"="e:\valve\steam.exe" [2008-10-08 1410296] "STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497] "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-16 37376] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2003-12-27 81920] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344] "Domino"="c:\windows\Domino.exe" [2006-08-18 49152] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936] "tvjbmonitor"="c:\program files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-12-26 53248] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-09-14 15360] c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-17 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-06-17 696320] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= , [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\RevConnect\\DCPlusPlus.exe"= "e:\\Games\\F.E.A.R\\FEAR.exe"= "c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avwsc.exe"= R0 avgntmgr;avgntmgr;c:\windows\system32\DRIVERS\avgntmgr.sys [2008-02-15 22336] R0 d344bus;d344bus;c:\windows\system32\DRIVERS\d344bus.sys [2008-03-26 137216] R0 d344prt;d344prt;c:\windows\system32\Drivers\d344prt.sys [2008-03-26 5248] R1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys [2008-02-15 45376] S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\lccfltr.sys [2008-03-01 13724] S3 MODRC;Ultima Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2008-04-24 13440] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . . ------- Täydentävä tarkistus ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 LSP: c:\program files\NetLimiter\nl_lsp.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\F4int\Application Data\Mozilla\Firefox\Profiles\q05zedyz.default\ FF - prefs.js: browser.startup.homepage - www.google.fi FF - plugin: c:\program files\DNA\plugins\npbtdna.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-16 14:35:34 Windows 5.1.2600 Service Pack 2 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- Prosesseihin ladatut DLLt --------------------- - - - - - - - > 'winlogon.exe'(724) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(780) c:\program files\NetLimiter\nl_lsp.dll c:\windows\system32\nl_msgc.dll . Valmistumisajankohta: 2008-12-16 14:37:23 ComboFix-quarantined-files.txt 2008-12-16 12:36:25 Ennen ajoa: 1,300,742,144 tavua vapaana Ajon jälkeen: 2,329,001,984 tavua vapaana 176 --- E O F --- 2008-10-08 22:30:55 Eli eli, nyt on nuo ajettu, ainakaan vielä nyt ei hirveimpiä häikkiä näy koneella eli oliskohan ongelma ratkennut. Tuota Palautuskonsolia en toisella kerralla enää ladannut, koska ensimmäisellä yrittämällä siinä kestikin about 20 min ilman että mitään tapahtu.. Johtuko sitten siitä että yritti mikkisoftan sivuilta ladata jtn ja mulla ei toi wintoosa niitä aidoimpia ole, dunno. Mutta jos ongelma tällä ratkesi niin isot kiitokset Hujolle ja koko Afterdawnin tiimille. Merry X-Mas!
scannaas hjt:n loki uusi Ota viellä Luo poistolista: • Avaa HiJackThis • Klikkaa "Configure" valintaa oikealla alhaalla • Klikkaa "Misc Tools" • Klikkaa boxia joka sanoo "Uninstall Manager" • Klikkaa valintaa "Save list" • Kopioi ja liitä kyseinen lista muistiosta ketjuusi
Ensin HJT-loki: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:55:46, on 16.12.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\Domino.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Last.fm\LastFM.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\HJT\HiJackThis_v2.0.2.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "e:\valve\steam.exe" -silent O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP-leikekirja - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart -valitse - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - AppInit_DLLs: , O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing) -- End of file - 8888 bytes Sitten Uninstall-lista: ¨32 Bit HP CIO Components Installer Adobe Flash Player ActiveX Adobe Reader 8.1.2 - Suomi Adobe Shockwave Player Apple Mobile Device Support -tuki Apple Software Update ArtecMedia T14BR DVBT Player 4.0.0.24 ATI Catalyst Control Center ATI Display Driver Avira AntiVir Personal - Free Antivirus BSPlayer Calculator Powertoy for Windows XP CDDRV_Installer Colin McRae Rally 2005 Counter-Strike: Source DAEMON Tools DC++ 0.708 Devil Inside DivX Web Player F-22 Lightning 3 Demo FEAR Half-Life 2: Demo Half-Life 2: Episode One Half-Life 2: Lost Coast Half-Life(R) 2 HijackThis 2.0.2 Hotfix-päivitys Windows XP:lle (KB952287) HP Customer Participation Program 9.0 HP Deskjet All-In-One Software 9.0 HP Imaging Device Functions 9.0 HP Photosmart Essential 2.01 HP Smart Web Printing HP Solution Center 9.0 HP Update HPSSupply Intel Application Accelerator Intel(R) PRO Network Adapters and Drivers Intel(R) PROSet Java(TM) 6 Update 5 KhalInstallWrapper K-Lite Codec Pack 3.9.0 Full Last.fm 1.5.2.38918 Logitech Desktop Messenger Logitech iTouch -ohjelmisto Logitech Registration Logitech SetPoint Malwarebytes' Anti-Malware Messenger Plus! Live Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office XP Professional with FrontPage Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.0.4) MSVC80_x86 MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) MXAir Tutorial Nero Suite NetLimiter 1.30 (remove only) NHL® 08 Nokia Connectivity Cable Driver Nokia PC Suite Nokia PC Suite OpenOffice.org Installer 1.0 Paint.NET v3.22 PC Connectivity Solution Pcsx2 0.9.4 Watermoose PowerDVD PowerISO Pro Pilkki 2 Project64 1.6 Päivitys Windows XP:lle (KB894391) Päivitys Windows XP:lle (KB898461) Päivitys Windows XP:lle (KB900485) Päivitys Windows XP:lle (KB908531) Päivitys Windows XP:lle (KB910437) Päivitys Windows XP:lle (KB911280) Päivitys Windows XP:lle (KB916595) Päivitys Windows XP:lle (KB920872) Päivitys Windows XP:lle (KB922582) Päivitys Windows XP:lle (KB927891) Päivitys Windows XP:lle (KB930916) Päivitys Windows XP:lle (KB936357) Päivitys Windows XP:lle (KB938828) Päivitys Windows XP:lle (KB942763) Päivitys Windows XP:lle (KB942840) Päivitys Windows XP:lle (KB951072-v2) QuickTime Race Driver 3 RevConnect Shockwave SoundMAX SqrSoft® Advanced Crossfading (remove only) Steam(TM) StyleXP (remove only) Suojauspäivitys ohjelmistolle Windows XP (KB941569) Suojauspäivitys Windows Media Player 6.4:lle (KB925398) Suojauspäivitys Windows Media Player 9:lle (KB936782) Suojauspäivitys Windows Media Playerille (KB911564) Suojauspäivitys Windows XP:lle (KB890046) Suojauspäivitys Windows XP:lle (KB893756) Suojauspäivitys Windows XP:lle (KB896358) Suojauspäivitys Windows XP:lle (KB896423) Suojauspäivitys Windows XP:lle (KB896428) Suojauspäivitys Windows XP:lle (KB899587) Suojauspäivitys Windows XP:lle (KB899591) Suojauspäivitys Windows XP:lle (KB900725) Suojauspäivitys Windows XP:lle (KB901017) Suojauspäivitys Windows XP:lle (KB901214) Suojauspäivitys Windows XP:lle (KB902400) Suojauspäivitys Windows XP:lle (KB905414) Suojauspäivitys Windows XP:lle (KB905749) Suojauspäivitys Windows XP:lle (KB908519) Suojauspäivitys Windows XP:lle (KB911562) Suojauspäivitys Windows XP:lle (KB911927) Suojauspäivitys Windows XP:lle (KB913580) Suojauspäivitys Windows XP:lle (KB914388) Suojauspäivitys Windows XP:lle (KB914389) Suojauspäivitys Windows XP:lle (KB918118) Suojauspäivitys Windows XP:lle (KB918439) Suojauspäivitys Windows XP:lle (KB919007) Suojauspäivitys Windows XP:lle (KB920213) Suojauspäivitys Windows XP:lle (KB920670) Suojauspäivitys Windows XP:lle (KB920683) Suojauspäivitys Windows XP:lle (KB920685) Suojauspäivitys Windows XP:lle (KB922819) Suojauspäivitys Windows XP:lle (KB923191) Suojauspäivitys Windows XP:lle (KB923414) Suojauspäivitys Windows XP:lle (KB923980) Suojauspäivitys Windows XP:lle (KB924270) Suojauspäivitys Windows XP:lle (KB924496) Suojauspäivitys Windows XP:lle (KB924667) Suojauspäivitys Windows XP:lle (KB925902) Suojauspäivitys Windows XP:lle (KB926255) Suojauspäivitys Windows XP:lle (KB926436) Suojauspäivitys Windows XP:lle (KB927779) Suojauspäivitys Windows XP:lle (KB927802) Suojauspäivitys Windows XP:lle (KB928255) Suojauspäivitys Windows XP:lle (KB928843) Suojauspäivitys Windows XP:lle (KB929123) Suojauspäivitys Windows XP:lle (KB930178) Suojauspäivitys Windows XP:lle (KB931261) Suojauspäivitys Windows XP:lle (KB931784) Suojauspäivitys Windows XP:lle (KB932168) Suojauspäivitys Windows XP:lle (KB933729) Suojauspäivitys Windows XP:lle (KB935839) Suojauspäivitys Windows XP:lle (KB935840) Suojauspäivitys Windows XP:lle (KB936021) Suojauspäivitys Windows XP:lle (KB937894) Suojauspäivitys Windows XP:lle (KB938127) Suojauspäivitys Windows XP:lle (KB941202) Suojauspäivitys Windows XP:lle (KB941644) Suojauspäivitys Windows XP:lle (KB941693) Suojauspäivitys Windows XP:lle (KB943055) Suojauspäivitys Windows XP:lle (KB943460) Suojauspäivitys Windows XP:lle (KB943485) Suojauspäivitys Windows XP:lle (KB944338) Suojauspäivitys Windows XP:lle (KB944653) Suojauspäivitys Windows XP:lle (KB945553) Suojauspäivitys Windows XP:lle (KB946026) Suojauspäivitys Windows XP:lle (KB948590) Suojauspäivitys Windows XP:lle (KB950749) Suojauspäivitys Windows XP:lle (KB950759) Suojauspäivitys Windows XP:lle (KB950760) Suojauspäivitys Windows XP:lle (KB950762) Suojauspäivitys Windows XP:lle (KB950974) Suojauspäivitys Windows XP:lle (KB951376-v2) Suojauspäivitys Windows XP:lle (KB951698) Suojauspäivitys Windows XP:lle (KB951748) Suojauspäivitys Windows XP:lle (KB952954) Sygate Personal Firewall TBS WMP Plug-in TV Jukebox 3.0 TVUPlayer 2.3.6.1 USB PC Camera(ZS0211) Wild Metal Country Mag Demo 1.1 Winamp Windows Driver Package - Ultima (mod7700) Media (02/19/2007 3.6.0.1) Windows Driver Package - Ultima (MODRC) HIDClass (02/06/2007 2.0.1.0) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Live installer Windows Live Messenger Windows Liven kirjautumisavustaja Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Service Pack 2 Windowsin ohjainpaketti - Nokia Modem (03/05/2008 3.7) Windowsin ohjainpaketti - Nokia Modem (05/22/2008 3.8) Windowsin ohjainpaketti - Nokia Modem (05/22/2008 7.00.0.1) Windowsin ohjainpaketti - Nokia pccsmcfd (10/12/2007 6.85.4.0) WinRAR archiver World Snooker Championship 2005
Poista lisää poista sovelutuksesta Logitech Desktop Messenger ================= scannaa hjt:llä merkkaa paina Fix checked O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O20 - AppInit_DLLs: , ========================= Lataa JavaRa ja pura se työpöydällesi. ***Sulje kaikki päällä olevat Internet Explorerin ikkunat ennen jatkamista!*** * Tuplaklikkaa JavaRa.exeä käynnistääksesi ohjelma. * Valitse English pudotusvalikosta valitaksesi kieleksi englannin ja klikkaa Select. * Klikkaa Remove Older Versions poistaaksesi vanhat Java-versiot koneeltasi. * Klikkaa Yes kun pyydetään. Kun JavaRa on valmis, se ilmoittaa, että lokitiedosto on luotu. Klikkaa OK. * Lokitiedosto avautuu. Lähetä sen sisältö seuraavassa viestissäsi. 4. Asenna uusin Java päivitys seuraavasta linkistä.. Lataa täältä uusi java Rullaa alas kohteeseen Java Runtime Environment (JRE) 6 Update 11 Paina Download Laita Platform -kohtaan Windows Ruksaa I agree to the Java SE Runtime Environment 6 License Agreement ja paina Continue Paina Windows Offline Installationin alapuolella jre-6u4-windows-i586-p.exe Tallenna tiedosto vaikka työpöydälle ja asenna se. 5. Käynnistä kone uudelleen asennuksen jälkeen. 6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi). 7. General-välilehdellä klikkaa Settings. Vedä liukusäädintä (Disk Space) pienemmälle. (Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa. Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle). 8. Klikkaa Delete Files -nappia. Varmista että kaikki kaksi valintaa ovat rastitettuja: * Applications and Applets * Trace and Log Files Ja paina OK -nappia Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA. 9. Klikkaa OK "Temporary Files Settings" -ikkunassasi. 10. Välilehti Update: ota ruksi pois kohdasta Check for Updates automatically Valitse Never check 11. Klikkaa Apply ja OK jättääksesi Java asetusikkunasi. ================= Lataa Atribunen ATF Cleaner Ohjeet; Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All Klikkaa Empty Selected valintaa. Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All Klikkaa Empty Selected valintaa. HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy. Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All Klikkaa Empty Selected valintaa taas. HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy. Klikkaa Exit päävalikosta sulkeaksesi ohjelman. Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)
Uusi HJT-loki: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:40:06, on 16.12.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\Domino.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HiJackThis_v2.0.2.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "e:\valve\steam.exe" -silent O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: HP-leikekirja - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart -valitse - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing) -- End of file - 8384 bytes Javara-loki: JavaRa 1.11 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Dec 16 23:18:47 2008 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\JavaPlugin.160_05 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050} Found and removed: Software\Classes\JavaPlugin.160_05 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\ Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05 Found and removed: Software\JavaSoft\Java2D\1.6.0_05 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} ------------------------------------ Finished reporting.
Niiin no nyt huomasin sellasen jutun, (ei hätää, selaimet ym näyttävät pelaavan nyt hyvin) että ainakin tämä Afterdawnin sivusto muuttui aikalailla sinertäväksi ^^ Eli se peruspohjaväri hävisi koko sivustosta ja tilalle tällainen sinertävä what-so-ever Johtuko sitten tuosta välimuistin ja evästeiden ym tyhjentämisestä, tiedä häntä
joo kyllä se palaa takasin normaaliin kun suljet selaimen ja taas aukaset. =============== Lataa SmitfraudFix (c) S!Ri Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi: Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa). Postita ponnahtava rapport – muistion sisältö viestiketjuusi. Löytyy myös C:\rapport.txt Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.
SmitFraudFix v2.387 Scan done at 18:36:54,96, ke 17.12.2008 Run from C:\Documents and Settings\F4int\Ty”p”yt„\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\Domino.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\F4int »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\F4int\LOCALS~1\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\F4int\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\F4int\Suosikit »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Nykyinen kotisivu" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, following keys are not inevitably infected!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Intel(R) PRO/100 VE Network Connection - Paketinajoituksen miniportti DNS Server Search Order: 10.0.0.2 HKLM\SYSTEM\CCS\Services\Tcpip\..\{286D36B1-FA94-4467-AD6F-976D2BE3E3CE}: DhcpNameServer=10.0.0.2 HKLM\SYSTEM\CS1\Services\Tcpip\..\{286D36B1-FA94-4467-AD6F-976D2BE3E3CE}: DhcpNameServer=10.0.0.2 HKLM\SYSTEM\CS3\Services\Tcpip\..\{286D36B1-FA94-4467-AD6F-976D2BE3E3CE}: DhcpNameServer=10.0.0.2 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
Kirjoita suorita luukkuun ComboFix /u paina ok ============= Lataa OTMoveIt OTMoveIt ja tallenna se työpöydällesi. Tuplaklikkaa OTMoveIt.exe. Klikkaa CleanUp!. Valitse Yes kun kysytään "Begin cleanup Process?". Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse. HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi. Käynnistä koneesi vikasietotilaan: sammuta ja käynnistä käynnistyksen yhteydessä hakkaa F8 nappia valitse nuolinäppäimellä vikasietotila paina enter ja enter valitse käyttäjätilisi paina kyllä Jossakin koneissa hakataan F8:sin sijasta F5:tä " Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix. " Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman. " Paina Y käynnistääksesi skriptin. " Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot". " Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen. " Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta. " Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished". " Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle. " Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
