Windowsin virheilmoitus avattaessa ohjelmaa

Koneellani on Windows XP Home Edition. Käyttöjärjestelmää ladattaessa
näytölle ilmestyy aina seuraava virheilmoitus: "Kohdetta C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe ei löydy". Kyseiseen tiedostoon oli ilmeisesti pesiytynyt virus tai haittaohjelma ja virustutka on poistanut ko. tiedoston. Löytyisiko ketään viisasta joka osaisi neuvoa miten ongelma korjataan???

 

IBM00001.EXE - Trojan.IBM/Shell.Process - is a trojan that installs under
the Microsoft Shared folder in Common Files under Program Files.
This application is most likely downloaded and installed by another
application that is considered to be adware or spyware.

Käynnistä-valikko -> Suorita -> regedit.exe -> OK

Etsi "ibm00001.exe" ja poista rekisteristä kaikki kohdat missä on:

"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

edit: Ja asenna koneeseen Microsoft Windows AntiSpyware
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Ohjelma estää KAIKKIEN haittaohjelmien asentumisen rekisteriin käynnistyväksi.

 

Lähetä HjT-loki, ohjelman saat täältä -> http://koti.mbnet.fi/pattaya1/HijackThis.exe .
Tallenna hakemistoon c:\hjt\, käynnistä, klikkaa do a system scan and save a logfile ja lähetä loki tänne.

Tutkimme onko paljon örkkejä ja puhdistetaan kone.

 

Kiitos Hannu80!! Antamillasi ohjeilla "herja poistui"

Tässä rekisterilogia:

Logfile of HijackThis v1.99.1
Scan saved at 18:34:35, on 17.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Ohjelmatiedostot\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Ohjelmatiedostot\Spamihilator\spamihilator.exe
D:\Ohjelmatiedostot\Avant Browser\avant.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Jukka\Työpöytä\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Ohjelmatiedostot\DAP\dapbho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Ohjelmatiedostot\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSN Search -työkalurivi Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: MSN Search -työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Spamihilator] "D:\Ohjelmatiedostot\Spamihilator\spamihilator.exe"
O8 - Extra context menu item: &Download with &DAP - D:\Ohjelmatiedostot\DAP\dapextie.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll/search.htm
O8 - Extra context menu item: Add to AD Black List - D:\Ohjelmatiedostot\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Avaa kaikki linkit tältä sivulta... - D:\Ohjelmatiedostot\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/230?34a8f203669d47d5a2f2c9ccda4ead27
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/229?34a8f203669d47d5a2f2c9ccda4ead27
O8 - Extra context menu item: Block All Images from the Same Server - D:\Ohjelmatiedostot\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Download &all with DAP - D:\Ohjelmatiedostot\DAP\dapextie2.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Etsi - D:\Ohjelmatiedostot\Avant Browser\Search.htm
O8 - Extra context menu item: Highlight - D:\Ohjelmatiedostot\Avant Browser\Highlight.htm
O8 - Extra context menu item: Korosta - D:\Ohjelmatiedostot\Avant Browser\Highlight.htm
O8 - Extra context menu item: Lisää mainostenestolistalle - D:\Ohjelmatiedostot\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Open All Links in This Page... - D:\Ohjelmatiedostot\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - D:\Ohjelmatiedostot\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - D:\Ohjelmatiedostot\Avant Browser\Search.htm
O8 - Extra context menu item: Torju kaikki kuvat samalta palvelimelta - D:\Ohjelmatiedostot\Avant Browser\AddAllToADBlackList.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Turbo Memory Charger - {ECC5778A-6E89-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Turbo Memory Charger - {ECC5778A-6E89-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members26.clubphoto.com/_img/uploader/atl_uploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130776127734
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://194.142.111.124/twupd/classes/XUpload.ocx
O16 - DPF: {EB289CB4-C028-4883-92D4-E430BC7D45A7} (Sm3LicenseCheck Library) - http://www.iolo.com/sm/ocx/Sm3LicenseCheck.ocx
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: ezstor - {6344A3A0-96A7-11D4-88CC-000000000000} - C:\WINDOWS\system32\ezspp.dll
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Ohjelmatiedostot\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Ohjelmatiedostot\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

Onko mitään tehtävissä?? Laajakaistayhteyskin pätkii, vaikka tekninen
tuki väittää, että yhteys on kunnossa??!!

 

Poista lisää/poista sovelluksia kautta

WebHancer

Fixaa nämä HjT:lla
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - Default URLSearchHook is missing
O9 - Extra button: Turbo Memory Charger - {ECC5778A-6E89-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Turbo Memory Charger - {ECC5778A-6E89-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab

Laita piilotiedostot näkyviin, ohje ->
http://keskustelu.afterdawn.com/thread_view.cfm/248944

Käynnistä vikasietotilaan ( F8 käynnistyksen yhteydessä )

Poista nämä jos löytyy:
c:\====>secure32.html<=====
C:\WINDOWS\System32\===>shdocvw.dll<====

Laita uusi loki

 

En yhtään ihmettele sillä sinun yhteytesi kaapattiin WebHancer toimesta.
Tee spertin ohjeiden mukaan niin pääset eroon siittä.

 

Logfile of HijackThis v1.99.1
Scan saved at 18:10:04, on 18.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Ohjelmatiedostot\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\Userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Toolbar Suite\SL\02.05.0001.1119\fi-fi\msn_sl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Ohjelmatiedostot\Spamihilator\spamihilator.exe
C:\Program Files\MSN Toolbar Suite\AU\02.05.0000.1105\fi-fi\msnappau.exe
C:\Documents and Settings\Jukka\Työpöytä\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Ohjelmatiedostot\DAP\dapbho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Ohjelmatiedostot\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSN Search -työkalurivi Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: MSN Search -työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Spamihilator] "D:\Ohjelmatiedostot\Spamihilator\spamihilator.exe"
O8 - Extra context menu item: &Download with &DAP - D:\Ohjelmatiedostot\DAP\dapextie.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll/search.htm
O8 - Extra context menu item: Add to AD Black List - D:\Ohjelmatiedostot\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Avaa kaikki linkit tältä sivulta... - D:\Ohjelmatiedostot\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/230?34a8f203669d47d5a2f2c9ccda4ead27
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fi-fi\msntabres.dll/229?34a8f203669d47d5a2f2c9ccda4ead27
O8 - Extra context menu item: Block All Images from the Same Server - D:\Ohjelmatiedostot\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Download &all with DAP - D:\Ohjelmatiedostot\DAP\dapextie2.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Etsi - D:\Ohjelmatiedostot\Avant Browser\Search.htm
O8 - Extra context menu item: Highlight - D:\Ohjelmatiedostot\Avant Browser\Highlight.htm
O8 - Extra context menu item: Korosta - D:\Ohjelmatiedostot\Avant Browser\Highlight.htm
O8 - Extra context menu item: Lisää mainostenestolistalle - D:\Ohjelmatiedostot\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Open All Links in This Page... - D:\Ohjelmatiedostot\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - D:\Ohjelmatiedostot\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - D:\Ohjelmatiedostot\Avant Browser\Search.htm
O8 - Extra context menu item: Torju kaikki kuvat samalta palvelimelta - D:\Ohjelmatiedostot\Avant Browser\AddAllToADBlackList.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members26.clubphoto.com/_img/uploader/atl_uploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130776127734
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://194.142.111.124/twupd/classes/XUpload.ocx
O16 - DPF: {EB289CB4-C028-4883-92D4-E430BC7D45A7} (Sm3LicenseCheck Library) - http://www.iolo.com/sm/ocx/Sm3LicenseCheck.ocx
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: ezstor - {6344A3A0-96A7-11D4-88CC-000000000000} - C:\WINDOWS\system32\ezspp.dll
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Ohjelmatiedostot\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Ohjelmatiedostot\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

 

Fixaa:

O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab

Ja sitten otetaan ne loputkin örkit pois =)

Hae Ewido > http://keskustelu.afterdawn.com/thread_view.cfm/269186
Tee ohjeiden mukaan ja lähetä sen raportti tänne.


Joko muuten on parempi?

 

Ewido ei ilmeisesti sovellu koneelleni koska siinä on suomenkielinen
Windows XP?. Nettiyhtyeys toimii edelleen vain muutaman minuutin vuorokaudessa? Järjestelmän palautus ei onnistu!! Menee ilmeisesti
Windowsin uudelleen asennukseen?!

 

Mistäs nyt tuollainen johtopäätös? Kaikkillahan meillä on melkein suomenkielinen versio XP ja loistavasti ewido toimii.
Kieliongelmaa ei näiden sovellusten kanssa ole.
Taitaa sitten todella olla uudelleen asennuksen paikka ellei vika vaan satu olemaan internetin palveluntarjoalla.

 

Saitko kuitenkin asennettua sen Ewidon? Kokeile pääsisitkö skannaamaan sillä vikasietotilassa.

 

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 18:53:02, 19.1.2006
+ Report-Checksum: A8910325

+ Scan result:

HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Spyware.Webhancer : Error during cleaning
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Spyware.Webhancer : Error during cleaning
:mozilla.8:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Jani\Application Data\Mozilla\Firefox\Profiles\10aikduf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Jani\Cookies\jani@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jani\Cookies\jani@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Jani\Cookies\jani@ads49.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Jani\Cookies\jani@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Jani\Cookies\jani@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Jani\Cookies\jani@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Jani\Cookies\jani@ilead.itrack[1].txt -> Spyware.Cookie.Itrack : Cleaned with backup
C:\Documents and Settings\Jani\Cookies\jani@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Jani\Cookies\jani@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Jani\Local Settings\Temp\wh_cc.exe/wbhshare.dll -> Spyware.WebHancer : Cleaned with backup
C:\Documents and Settings\Jani\Local Settings\Temp\wh_cc.exe/Webhdll.dll -> Spyware.WebHancer : Cleaned with backup
C:\Documents and Settings\Jani\Local Settings\Temp\wh_cc.exe/WhAgent.exe -> Spyware.WebHancer : Cleaned with backup
C:\Documents and Settings\Jani\Local Settings\Temp\wh_cc.exe/whiehlpr.dll -> Spyware.WebHancer : Cleaned with backup
C:\Documents and Settings\Jani\Local Settings\Temp\wh_cc.exe/whieshm.dll -> Spyware.WebHancer : Cleaned with backup
C:\Documents and Settings\Jani\Local Settings\Temp\wh_cc.exe/whInstaller.exe -> Spyware.WebHancer : Cleaned with backup
C:\Documents and Settings\Jani\Local Settings\Temporary Internet Files\Content.IE5\QRSTCDWX\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Jonna\Cookies\jonna@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Jukka\Application Data\Mozilla\Firefox\Profiles\mfsvk7wq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Jukka\Application Data\Mozilla\Firefox\Profiles\mfsvk7wq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jukka\Application Data\Mozilla\Firefox\Profiles\mfsvk7wq.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Jukka\Application Data\Mozilla\Firefox\Profiles\mfsvk7wq.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Jukka\Application Data\Mozilla\Firefox\Profiles\mfsvk7wq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jukka\Application Data\Mozilla\Firefox\Profiles\mfsvk7wq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jukka\Application Data\Mozilla\Firefox\Profiles\mfsvk7wq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jukka\Application Data\Mozilla\Firefox\Profiles\mfsvk7wq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Jukka\Application Data\Mozilla\Firefox\Profiles\mfsvk7wq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Jukka\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-421ef8d3-4d9f3997.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Jukka\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-7d3dca66-7599d697.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Jukka\Cookies\jukka@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Minna\Application Data\Mozilla\Firefox\Profiles\0q894ggh.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Minna\Application Data\Mozilla\Firefox\Profiles\0q894ggh.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Minna\Application Data\Mozilla\Firefox\Profiles\0q894ggh.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Minna\Application Data\Mozilla\Firefox\Profiles\0q894ggh.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Minna\Application Data\Mozilla\Firefox\Profiles\0q894ggh.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Minna\Application Data\Mozilla\Firefox\Profiles\0q894ggh.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Minna\Application Data\Mozilla\Firefox\Profiles\0q894ggh.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Minna\Application Data\Mozilla\Firefox\Profiles\0q894ggh.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Minna\Cookies\minna@-1shz2prbmdj6wvny-1sez2pra2dj6wfkoahcpckpg-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Minna\Cookies\minna@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Minna\Cookies\minna@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Minna\Cookies\minna@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Minna\Cookies\minna@e-2dj6wgkiwodjcfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Minna\Cookies\minna@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Minna\Cookies\minna@popunder.paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Minna\Cookies\minna@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Minna\Cookies\minna@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4sgc5kcqqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Minna\Cookies\minna@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlywkczsapaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\jukka@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\huaxybu5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\huaxybu5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\huaxybu5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\huaxybu5.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\npzango.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\AdStatServX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
D:\Vanha C\Documents and Settings\Minna\Cookies\minna@ads.trafficvenue[1].txt -> Spyware.Cookie.Trafficvenue : Cleaned with backup
D:\Vanha C\Documents and Settings\Minna\Cookies\minna@commissionpartner[1].txt -> Spyware.Cookie.Commissionpartner : Cleaned with backup
D:\Vanha C\Documents and Settings\Minna\Cookies\minna@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
D:\Vanha C\Documents and Settings\Minna\Cookies\minna@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
D:\Vanha C\Documents and Settings\Minna\Cookies\minna@imgserv.adbutler[1].txt -> Spyware.Cookie.Adbutler : Cleaned with backup


::Report End

 

Pirullista kun nettiyhteys uinuu ruususen untaan ja yhteys toimii vain pari minuutttia silloin tällöin. Anteeksi typeryyteni Windowsin kieliversiolla ei tietenkään ole merkitystä Ewidon käyttöön. Lähetin
nopeasti raportin kun nettiyhteys vielä toimi. Mistä perkeleestä voisi johtua tuo netin jatkuva oikuttelu????

 

Tässäkö ne pikku pirulaiset luuraa, jotka estävät nettiyhteyden.
Ewidokaan ei saanut niitä poistettua:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 20:14:06, 19.1.2006
+ Report-Checksum: 79BE08A0

+ Scan result:

HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Spyware.Webhancer : Error during cleaning
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Spyware.Webhancer : Error during cleaning


::Report End

 

Sama kävi mielessä... Kokeilitko ajaa se Ewidon vikasietotilassa?

 

Kokeilin myös vikasietotilassa vaan ei poistuneet sittenkään!!

 

Ota ensin rekisteristä näin varmuuskopio:

Suorita -> regedit -> ok. Sitten Tiedosto -> Vie. Kirjoita sille joku nimi ja sitten Tallenna(ja laita muistiin, mihin tallensit sen).

Sitten tallenna tämä alla oleva tekstinpätkä nimellä fix.reg vaikka muistiossa ja vaikka työpöydälle: (tallennusmuoto kaikki tiedostot)

Windows Registry Editor Version 5.00

[-HKLM\SOFTWARE\Classes\WhIeHelperObj]

Tuplaklikkaa ja paina kyllä ja ok. Käynnistä kone uudelleen ja aja ewidon registry scan. Lähetä sen raportti tänne.

 

Kiitokset Aaxxeellille ja Spertille myötäelosta ja opastuksesta, mutta lopulta minulta "paloi hihat" ja asensin Windowsin XP:n uudelleen ja samalla asensin koneelleni F-Secure 2006 tietoturvaohjelman. Asennuksen yhteydessä F-Secure poisti viimeisetkin örkit koneelta. Eipä sinkoile enää virheilmoitukset ja nettiyhteyskin toimii moitteita. Voi tätä autuutta pitkän taistelun jälkeen!!

 

Ole hyvä vaan. Onneksi tosiaan on aina tuo ässä hihassa
Nyt vaan entistä tarkempaa linjaa koneen turvallisuuden suhteen.