Logfile of Trend Micro
HijackThis v2.0.2
Scan saved at 10:25, on 2008-07-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CNAC4RPK.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\T-Mobile\Speedmanager plus\Spawner.exe
C:\Program Files\T-Mobile\Speedmanager plus\Speedmanager plus.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB8_0
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Speedmanager plus.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O20 - Winlogon Notify: nnnlkjHA - nnnlkjHA.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Asnsocinwnlm - Advanced System Products, Inc. - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
--
End of file - 5694 bytes
ComboFix 08-07-23.4 - Maria 2008-07-24 10:07:45.1 - FAT32x86
Running from: C:\Documents and Settings\Maria\Työpöytä\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\dehoemsr.ini
C:\WINDOWS\system32\lmmTBJlm.ini
C:\WINDOWS\system32\lmmTBJlm.ini2
C:\WINDOWS\system32\ryofqhbp.ini
C:\WINDOWS\system32\TsBayyxx.ini
C:\WINDOWS\system32\TsBayyxx.ini2
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-06-24 to 2008-07-24 )))))))))))))))))
.
2008-07-24 09:31 . 2008-07-24 09:31 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 09:31 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 09:31 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 08:36 . 2008-07-24 08:36 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-07-23 19:40 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-23 19:40 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-23 19:40 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-23 19:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-23 19:40 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-23 19:40 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-23 19:40 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-23 19:40 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-23 19:40 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-23 19:40 . 2008-07-23 19:50 652 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-23 16:32 . 2008-07-23 17:27 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-23 16:25 . 2008-07-23 16:25 <KANSIO> d-------- C:\Program Files\Softwin
2008-07-23 16:20 . 2008-07-23 16:20 <KANSIO> d-------- C:\Program Files\Common Files\Softwin
2008-07-23 15:50 . 2008-07-23 15:50 <KANSIO> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-23 12:15 . 2008-07-23 12:15 <KANSIO> d-------- C:\Program Files\a-squared Free
2008-07-22 22:00 . 2008-07-22 22:00 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-22 21:58 . 2008-07-22 21:58 <KANSIO> d-------- C:\Documents and Settings\Maria\Application Data\Malwarebytes
2008-07-22 21:58 . 2008-07-22 21:58 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-18 20:24 . 2008-07-23 10:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-18 20:24 . 2008-07-18 20:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-17 14:03 . 2008-07-17 14:03 <KANSIO> d--hs---- C:\FOUND.001
2008-07-16 01:46 . 2008-07-16 01:46 <KANSIO> d-------- C:\Program Files\IrfanView
2008-07-13 15:46 . 2008-07-13 15:46 <KANSIO> d--hs---- C:\FOUND.000
2008-07-11 22:08 . 2008-07-11 22:08 <KANSIO> d-------- C:\Program Files\QIP
2008-07-11 17:04 . 2007-06-12 13:15 51,040 -ra------ C:\WINDOWS\system32\drivers\ipw3gnet.sys
2008-07-11 15:48 . 2008-07-11 15:48 <KANSIO> d-------- C:\Program Files\Opera
2008-07-11 02:56 . 2005-10-06 18:58 118,784 --a------ C:\WINDOWS\system32\NGClnAPI.dll
2008-07-11 02:55 . 2008-07-11 02:55 <KANSIO> d-------- C:\Program Files\Common Files\Deterministic Networks
2008-07-11 02:55 . 2005-10-11 12:30 634,880 --a------ C:\WINDOWS\system32\stlport_vc6.4.5.dll
2008-07-11 02:55 . 2005-10-11 12:30 405,588 --a------ C:\WINDOWS\system32\vc6-stlport-re300l.dll
2008-07-11 02:55 . 2005-10-06 18:58 233,684 --a------ C:\WINDOWS\system32\drivers\ATM.sys
2008-07-11 02:55 . 2005-10-11 12:30 110,592 --a------ C:\WINDOWS\system32\ABProvider32.dll
2008-07-11 02:55 . 2005-10-26 11:38 36,413 --a------ C:\WINDOWS\system32\drivers\TSM.sys
2008-07-11 02:21 . 2004-03-11 22:28 118,784 -ra------ C:\WINDOWS\system32\IpwUsb32.dll
2008-07-10 22:00 . 2005-10-11 12:30 110,080 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2008-07-10 22:00 . 2005-10-11 12:30 94,720 --a------ C:\WINDOWS\system32\dneinobj.dll
2008-07-10 21:59 . 2008-07-10 21:59 <KANSIO> d-------- C:\Program Files\T-Mobile
2008-07-10 21:43 . 2004-03-11 22:28 118,784 -ra------ C:\WINDOWS\system32\drivers\IpwUsb32.dll
2008-07-10 21:43 . 2005-09-27 10:21 95,440 -ra------ C:\WINDOWS\system32\drivers\ipw_mdm.sys
2008-07-10 21:43 . 2005-09-27 10:21 58,320 -ra------ C:\WINDOWS\system32\drivers\ipw_bus.sys
2008-07-10 21:43 . 2005-07-30 11:29 43,184 -ra------ C:\WINDOWS\system32\drivers\ipwpnet.sys
2008-07-10 21:43 . 2005-09-08 01:18 9,728 -ra------ C:\WINDOWS\system32\drivers\ethpdrv.sys
2008-07-10 21:43 . 2005-09-27 10:21 8,272 -ra------ C:\WINDOWS\system32\drivers\ipw_mdfl.sys
2008-07-10 21:43 . 2005-07-30 11:29 7,120 -ra------ C:\WINDOWS\system32\drivers\fskutl.sys
2008-07-10 21:43 . 2005-09-27 10:21 6,176 -ra------ C:\WINDOWS\system32\drivers\ipw_cm.sys
2008-07-10 21:43 . 2005-09-27 10:22 5,840 -ra------ C:\WINDOWS\system32\drivers\ipw_wh.sys
2008-07-10 21:41 . 2008-07-10 21:41 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-07-06 16:18 . 2008-07-06 16:18 <KANSIO> d-------- C:\Documents and Settings\Maria\Application Data\dvdcss
2008-07-06 02:07 . 2008-07-06 02:07 <KANSIO> d-------- C:\Documents and Settings\Maria\Application Data\vlc
2008-07-06 02:04 . 2008-07-06 02:04 <KANSIO> d-------- C:\Program Files\VideoLAN
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 00:07 --------- d-----w C:\Documents and Settings\Maria\Application Data\vlc
2008-06-20 17:41 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 12:38 1,641,202 ----a-w C:\WINDOWS\system32\ryofqhbp.tmp
2008-06-17 13:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 13:35 --------- d-----w C:\Program Files\Windows Doctor
2008-06-17 02:27 2,231 ----a-w C:\iss.exe
2008-06-14 17:59 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 10:03 109,056 ----a-w C:\misvcdsn.exe
2008-06-10 11:05 2,232 ----a-w C:\lp.exe
2008-06-08 13:53 2,231 ----a-w C:\hszs.exe
2008-05-28 09:10 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-05-14 12:23 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2006-05-24 18:12 0 ---ha-w C:\Documents and Settings\All Users\Application Data\hpothb07.dat
2006-05-21 15:56 0 ---ha-w C:\Documents and Settings\Maria\Application Data\hpothb07.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]
"T-Mobile Communication Centre"="C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" [2007-10-25 19:17 938048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32 58984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 16:00 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^F-Secure 2006.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\F-Secure 2006.lnk
backup=C:\WINDOWS\pss\F-Secure 2006.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\T-Mobile\\Speedmanager plus\\Speedmanager plus.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 atm;NettGain 1200 ATM;C:\WINDOWS\system32\drivers\atm.sys [2005-10-06 18:58]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 TSM;TSM Driver - Layered Version;C:\WINDOWS\system32\drivers\tsm.sys [2005-10-26 11:38]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 Ethpdrv;Ethernet Packet Driver;C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 01:18]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 ipw_bus;IPWireless;C:\WINDOWS\system32\DRIVERS\ipw_bus.sys [2005-09-27 10:21]
S3 ipw_mdfl;Wireless Broadband Modem Filter;C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 10:21]
S3 ipw_mdm;Wireless Broadband Modem (WDM);C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys [2005-09-27 10:21]
S3 IpwP;IPWireless 3G Network Adapter;C:\WINDOWS\system32\DRIVERS\ipw3gnet.sys [2007-06-12 13:15]
S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-07-24 07:55:20 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"