
HJT log + BitDefender, Kaspersky logs

Thread in the Viruses and malware - HijackThis logs section. Thread started by Porshe on 30.07.2007.

  1. Porshe

    Porshe Regular member

    Joined:
    01.12.2006
    Posts:
    1,111
    Thanks:
    0
    Points:
    46
    Logfile of HijackThis v1.99.1
    Scan saved at 12:33:38, on 30.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SkyTel.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
    C:\Program Files\Samurize\Client.exe
    C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
    D:\Opera\Opera.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O21 - SSODL: printers - {BC68906F-47CC-48D4-881A-FC2A5F1A8AA1} - notiffy.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe



    -------



    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, July 30, 2007 12:27:36 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 29/07/2007
    Kaspersky Anti-Virus database records: 346629
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    F:\
    G:\
    H:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 134027
    Number of viruses found: 3
    Number of infected objects: 7 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 04:26:32

    Infected Object Name / Virus Name / Last Action
    C:\Boss - My Files\Application Data\AVG7\l_000105.log Object is locked skipped
    C:\Boss - My Files\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped
    C:\Boss - My Files\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped
    C:\Boss - My Files\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\Johtaja\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Sivuhistoria\History.IE5\MSHist012007072320070730\index.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Sivuhistoria\History.IE5\MSHist012007073020070731\index.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Temp\Perflib_Perfdata_fd0.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Temp\Perflib_Perfdata_ffc.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Temp\tmp000020f0\tmp00000000 Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Johtaja\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Miikka\Application Data\Microsoft\Installer\{39619863-8A11-4B60-A166-E6747C986EBE}\1035.MST Object is locked skipped
    C:\Documents and Settings\Miikka\Application Data\Microsoft\Installer\{39619863-8A11-4B60-A166-E6747C986EBE}\ARPPRODUCTICON.exe Object is locked skipped
    C:\Documents and Settings\Miikka\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk Object is locked skipped
    C:\Documents and Settings\Miikka\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk Object is locked skipped
    C:\Documents and Settings\Miikka\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Miikka\ntuser.ini Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\logs\starwind.2007-07-29.18-01-09.log Object is locked skipped
    C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
    C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
    C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
    C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
    C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe/data.rar/service.exe Infected: Trojan.Win32.Agent.amg skipped
    C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe/data.rar/svchost.exe Infected: Backdoor.Win32.Iroffer.af skipped
    C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe/data.rar Infected: Backdoor.Win32.Iroffer.af skipped
    C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP27\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP27\change.log Object is locked skipped
    D:\µTorrent\Temponary\The Simpsons Movie (2007) NOFEAR TS KvCD Jamgood(TUS Release)\The Simpsons Movie (2007) NOFEAR TS KvCD Jamgood(TUS Release).bin Object is locked skipped
    G:\Games\Need.For.Speed.Carbon.Collectors.Edition\rzr-nfsc\Razor1911\Keygen.exe Object is locked skipped
    G:\Miikka\Temponary\Adobe PhotoShop CS2.rar/Setup.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.q skipped
    G:\Miikka\Temponary\Adobe PhotoShop CS2.rar/Setup.exe Infected: Trojan-Downloader.NSIS.Agent.q skipped
    G:\Miikka\Temponary\Adobe PhotoShop CS2.rar RAR: infected - 2 skipped
    G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP11\A0003108.exe Object is locked skipped
    G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP11\A0003141.exe Object is locked skipped
    G:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP15\A0003545.exe Object is locked skipped
    G:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP15\A0003546.exe Object is locked skipped
    G:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP15\A0003547.exe Object is locked skipped
    G:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP27\change.log Object is locked skipped
    G:\System Volume Information\_restore{F094107F-8642-4A6B-894B-BDF3D9FAEA85}\RP14\A0006978.exe Object is locked skipped
    J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011367.exe Object is locked skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011417.exe Object is locked skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011427.exe Object is locked skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011595.exe Object is locked skipped
    J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013205.exe Object is locked skipped
    J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013211.exe Object is locked skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017911.exe Object is locked skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017921.exe Object is locked skipped
    J:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP27\change.log Object is locked skipped
    J:\System Volume Information\_restore{E5FD512E-C371-474A-9BDA-799C2EDF426D}\RP7\A0002262.exe Object is locked skipped

    Scan process completed.



    ------



    BitDefender found about 12 different viruses and apparently removed them all, but I won't bother posting that log here because it came out as some kind of weird code and it is about three times longer than these two previous ones combined. Could someone check the HJT log and maybe suggest a program I could still scan with?
     
  3. Auttaja

    Auttaja Guest

    Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop.

    Boot your computer into safe mode and select your normal user account:

    * Start the computer
    * When you hear the computer beep, press F8, but before the Windows logo appears
    * A menu should appear next
    * Select safe mode from the menu.


    * Create a folder of its own for the program, C:\SDFix, and move it there
    * Open the SDFix folder and double-click the file RunThis.bat to start the program.
    * Press Y to start the script.
    * The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    * Press any key and the computer restarts.
    * Startup takes longer than normal because SDFix is cleaning the computer.
    * When the computer has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
    * Then press any key to close the script and load the shortcuts onto the desktop.
    * Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread

    also a new HJT log
     
  4. Porshe

    Porshe Regular member

    [​IMG]
    ^^ Was there something wrong in your instructions? I typed the letter Y, pressed Enter and nothing happened?

    I've been thinking of switching from that AVG antivirus program to BitDefender 8 Free. But does it have realtime protection? ''Virus scanning and removal
    On demand scanning - Powerful scan engines ensure detection and removal of all viruses in the wild every time you need it.'' That is the impression you get from that, you see.
     
    Last edited: 02.08.2007
  5. Auttaja

    Auttaja Guest

    Did you try running it in safe mode?
     
  6. Porshe

    Porshe Regular member

    Start -> Run -> msconfig -> [IMG]
    ^^ Tick the box ''start in diagnostic mode'', isn't that it then?
     
    Last edited: 03.08.2007
  7. Auttaja

    Auttaja Guest

    I don't think it is... keep hammering F8 at the start of boot and you'll get there...
     
  8. Porshe

    Porshe Regular member

    At least from my BIOS, F8 doesn't open that menu. Are you really sure that diagnostic mode isn't the same as safe mode?
     
  9. Auttaja

    Auttaja Guest

    1. Download the removal tool from here and save it to your desktop http://sosvirus.changelog.fr/MSNFix.zip
    2. Extract it into an MSNFix folder
    3. Open the folder and run MSNFix.bat
    4. Choose the language you want from the list shown in the window by typing one of the letters and press ENTER. E = English
    5. Next, type the letter R and press ENTER to start the virus scan.
    6. After that, press ENTER again to delete the files the tool found.
     
  10. Porshe

    Porshe Regular member

    MSN_Fix 1.454

    C:\Documents and Settings\Johtaja\Työpöytä\MSNFix
    Scan done at ma 06.08.2007 - 0:29:46,17 By Johtaja
    normal mode

    ************************ Checking Files

    ... C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste*

    ************************ Checking Folders

    No Folders Found




    ************************ Deleting malware Files

    /!\ ... C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste*



    ************************ Registry Cleaning



    Others Files will be deleted after a reboot to normal mode


    ************************ Deleting malware Files

    /!\ ... C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste*



    [C:\WINDOWS\Samurize.scr] 24FE50950AB3DD3F1691A7B3B50CEC62
    ************************ Suspect Files

    /!\ The detected files must be reviewed by a forum Helper before changes can be made

    [C:\WINDOWS\Samurize.scr] 24FE50950AB3DD3F1691A7B3B50CEC62
    No files found


    The File and Registry deletions have been saved in ma 06.08.2007_ 9002014.zip


    ------------------------------------------------------------------------
    Author : !aur3n7 Contact: http://www.changelog.fr
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------

    I wonder if that's gone now?
     
  11. Auttaja

    Auttaja Guest

    Open HijackThis, check the following line(s) and press Fix checked; close other programs while you do this.


    O21 - SSODL: printers - {BC68906F-47CC-48D4-881A-FC2A5F1A8AA1} - notiffy.dll (file missing)


    Here are instructions on how to check them:
    [​IMG]

    =======


    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  12. Porshe

    Porshe Regular member

    ComboFix 07-08-04.3 - "Johtaja" 2007-08-07 14:44:17.1 [GMT 3:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.Tosi
    * Created a new restore point


    ((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


    2007-08-07 14:43 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-03 12:06 <KANSIO> d-------- C:\Program Files\DHShutdown
    2007-08-01 23:51 <KANSIO> d-------- C:\DOCUME~1\Johtaja\APPLIC~1\Opera
    2007-07-31 22:22 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
    2007-07-31 14:51 <KANSIO> d-------- C:\Program Files\BSplayer
    2007-07-31 01:31 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2007-07-31 01:03 <KANSIO> d-------- C:\Program Files\MediaPlayerClassic
    2007-07-29 23:59 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-07-29 23:59 <KANSIO> d-------- C:\WINDOWS\BDOSCAN8
    2007-07-27 23:15 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
    2007-07-27 23:15 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
    2007-07-27 23:14 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-07-27 23:14 <KANSIO> d-------- C:\WINDOWS\system32\AGEIA
    2007-07-27 23:14 <KANSIO> d-------- C:\Program Files\AGEIA Technologies
    2007-07-27 23:13 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
    2007-07-27 23:13 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
    2007-07-27 23:11 <KANSIO> d-------- C:\Program Files\Focus
    2007-07-27 01:08 150,016 --a------ C:\WINDOWS\system32\Unzip32.dll
    2007-07-27 01:08 <KANSIO> d-------- C:\Program Files\Bluetack
    2007-07-25 23:05 0 --a------ C:\WINDOWS\nsreg.dat
    2007-07-24 12:54 <KANSIO> d-------- C:\Program Files\B2BPOKER
    2007-07-24 01:56 <KANSIO> d-------- C:\Program Files\Maxthon2
    2007-07-23 08:45 <KANSIO> d-------- C:\Program Files\IE7Pro
    2007-07-22 22:01 11,652 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2007-07-22 20:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-07-22 20:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-07-22 20:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-07-22 20:40 2,150 --a------ C:\WINDOWS\system32\tmp.reg
    2007-07-20 16:54 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Screaming Bee
    2007-07-20 16:53 <KANSIO> d-------- C:\Program Files\Common Files\Screaming Bee
    2007-07-20 10:23 12,831,088 --------- C:\AVG7QT.DAT
    2007-07-20 09:24 <KANSIO> d-------- C:\DOCUME~1\Johtaja\usernotes
    2007-07-17 00:13 <KANSIO> d-------- C:\Program Files\Samurize


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-07 14:37 --------- d-------- C:\Boss - My Files\Application Data\DMCache
    2007-08-06 09:24 --------- d-------- C:\Boss - My Files\Application Data\foobar2000
    2007-08-06 01:49 --------- d-------- C:\Boss - My Files\Application Data\uTorrent
    2007-08-06 00:23 --------- d--h----- C:\Boss - My Files\Application Data\.piratepornload
    2007-08-05 17:10 --------- d-------- C:\Boss - My Files\Application Data\teamspeak2
    2007-08-02 00:02 --------- d-------- C:\Program Files\Internet Download Manager
    2007-08-01 23:32 --------- d-------- C:\Boss - My Files\Application Data\BSplayer
    2007-08-01 12:31 10085 --a------ C:\WINDOWS\msvrc20.dll
    2007-07-27 23:14 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-27 23:11 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-24 02:11 71202 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-07-24 02:11 366824 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-07-23 11:39 202160 --a------ C:\WINDOWS\system32\idmmbc.dll
    2007-07-23 08:45 --------- d-------- C:\Boss - My Files\Application Data\IE7Pro
    2007-07-01 17:19 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-07-01 16:26 --------- d-------- C:\Boss - My Files\Application Data\Ahead
    2007-07-01 16:05 --------- d-------- C:\Program Files\Common Files\Ahead
    2007-07-01 13:34 4 --a------ C:\WINDOWS\info147.sys
    2007-07-01 13:04 --------- d-------- C:\Program Files\Common Files\Totem Shared
    2007-06-28 17:31 --------- d-------- C:\Boss - My Files\Application Data\Command & Conquer 3 Tiberium Wars
    2007-06-28 17:31 --------- d-------- C:\Boss - My Files\Application Data\aignes
    2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\vlc
    2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\WinRAR
    2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\TuneUp Software
    2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\Opera
    2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\Media Player Classic
    2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\IDM
    2007-06-28 17:30 --------- d-------- C:\Boss - My Files\Application Data\Help
    2007-06-25 02:22 1231 --a------ C:\WINDOWS\mozver.dat
    2007-06-21 00:04 --------- d-------- C:\Program Files\VirusTotalUploader
    2007-06-20 00:33 --------- d-------- C:\Program Files\IObit
    2007-06-18 11:46 --------- d-------- C:\Program Files\Messenger
    2007-06-18 02:40 --------- d-------- C:\Program Files\MSXML 4.0
    2007-06-15 01:16 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-06-15 01:07 --------- d-------- C:\Program Files\Notepad2
    2007-06-15 00:34 3026 --a------ C:\WINDOWS\system32\drivers\hwinterface.sys
    2007-06-14 22:18 249317 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_7078.exe
    2007-06-14 13:16 --------- d-------- C:\Program Files\Sygate
    2007-06-14 13:02 --------- d-------- C:\Program Files\NVIDIA
    2007-06-14 13:01 8 --a------ C:\DFIMB.DAT
    2007-06-14 12:53 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-06-07 12:49 0 -ra------ C:\logwmemory.bin
    2007-06-07 08:56 --------- d-------- C:\Program Files\Electronic Arts
    2007-06-03 14:31 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-05-16 18:14 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:14 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:14 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:14 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:14 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-16 09:42 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe
    2007-05-15 09:45 972336 --a------ C:\WINDOWS\UNNeroVision.exe
    2007-05-13 18:38 0 -rahs---- C:\MSDOS.SYS
    2007-05-13 18:38 0 -rahs---- C:\IO.SYS
    2007-05-13 18:38 0 --a------ C:\CONFIG.SYS
    2007-05-13 18:38 0 --a------ C:\AUTOEXEC.BAT
    --------- C:\Program Files\µTorrent


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Tweak UI"="TWEAKUI.CPL" [2000-06-18 14:03 C:\WINDOWS\system32\TWEAKUI.CPL]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-09-27 12:16]
    "SkyTel"="SkyTel.EXE" [2006-04-24 15:20 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-05-04 15:59 C:\WINDOWS\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2007-04-20 06:05 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 06:05]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 06:05]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-22 15:02]
    "Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-07-28 15:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoFind"=0 (0x0)
    "NoRun"=0 (0x0)
    "NoDesktop"=0 (0x0)
    "NoClose"=0 (0x0)
    "StartMenuLogOff"=0 (0x0)
    "HideClock"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoRecentDocsMenu"=01000000
    "NoSMMyDocs"=01000000
    "NoSMMyPictures"=01000000

    R0 Teefer;Teefer for NT;C:\WINDOWS\system32\Drivers\Teefer.sys
    R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys
    R1 wpsdrvnt;wpsdrvnt;\??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    R2 atksgt;atksgt;C:\WINDOWS\system32\DRIVERS\atksgt.sys
    R2 lirsgt;lirsgt;C:\WINDOWS\system32\DRIVERS\lirsgt.sys
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R2 wg3n;SyGate for NT, wg3n;C:\WINDOWS\system32\Drivers\wg3n.sys
    R2 wg4n;SyGate for NT, wg4n;C:\WINDOWS\system32\Drivers\wg4n.sys
    R2 wg5n;SyGate for NT, wg5n;C:\WINDOWS\system32\Drivers\wg5n.sys
    R2 wg6n;SyGate for NT, wg6n;C:\WINDOWS\system32\Drivers\wg6n.sys
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp


    Contents of the 'Scheduled Tasks' folder
    2007-06-14 22:19:51 C:\WINDOWS\Tasks\1-Click Maintenance.job - D:\TuneUp Utilities 2007\SystemOptimizer.exe
    2007-08-05 22:48:04 C:\WINDOWS\Tasks\shutdown -s.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-07 14:45:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

    Completion time: 2007-08-07 14:45:31

    --- E O F ---


    - 1. That HJT log of mine no longer had the ''O21 - SSODL: printers - {BC68906F-47CC-48D4-881A-FC2A5F1A8AA1} - notiffy.dll (file missing)'' entry.
    - 2. Does the BitDefender 8 Free program have real-time protection?
     
  13. Auttaja

    Auttaja Guest

    The logs look good.. let's just make sure.

    Kaspersky online scanner

    Scan your computer with the Kaspersky Online Scanner

    - You will be asked whether to allow the installation of an ActiveX component from Kaspersky; click Yes.
    - The program starts and begins downloading the latest definition files.
    - Once the scanner is installed and the definitions are downloaded, click Next.
    - Now click the settings, Scan Settings
    - Check in the settings that the following are selected:

      o Scan using the following Anti-Virus database:

        + Extended (if available, otherwise select Standard)

      o Scan Options:

        + Scan Archives
        + Scan Mail Bases

    - Click OK
    - Now, under the "select a target to scan" heading, select My Computer
    - The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
    - Now click the Save as Text button.
    - Save the file to your desktop.
    - Copy and paste the contents of the file into your next reply.
     
  14. Porshe

    Porshe Regular member

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, August 08, 2007 1:00:04 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 7/08/2007
    Kaspersky Anti-Virus database records: 376862
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    F:\
    G:\
    H:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 117384
    Number of viruses found: 8
    Number of infected objects: 80
    Number of suspicious objects: 0
    Duration of the scan process: 02:08:50

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\Johtaja\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Sivuhistoria\History.IE5\MSHist012007080720070808\index.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Johtaja\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Johtaja\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\logs\starwind.2007-08-07.14-38-48.log Object is locked skipped
    C:\Program Files\Bluetack\Blocklist Manager\Tools\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
    C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
    C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
    C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
    C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
    C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe/data.rar/service.exe Infected: Trojan.Win32.Agent.amg skipped
    C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe/data.rar/svchost.exe Infected: Backdoor.Win32.Iroffer.af skipped
    C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe/data.rar Infected: Backdoor.Win32.Iroffer.af skipped
    C:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP13\A0014755.exe RarSFX: infected - 3 skipped
    C:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP4\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\mIRC\backup\backup.rar/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    D:\mIRC\backup\backup.rar RAR: infected - 1 skipped
    D:\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    D:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    D:\mIRC\mIRC.rar/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    D:\mIRC\mIRC.rar RAR: infected - 1 skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{26A6E0C8-B5F2-48E4-BAB2-C0355D438A1B}\RP17\A0014978.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    D:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP1\A0000212.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    D:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP4\change.log Object is locked skipped
    G:\Games\Need.For.Speed.Carbon.Collectors.Edition\rzr-nfsc\Razor1911\Keygen.exe Object is locked skipped
    G:\Miikka\Programs\mIRC-621\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    G:\Miikka\Programs\mIRC-621\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    G:\Miikka\Programs\mIRC-621\mirc621.exe NSIS: infected - 2 skipped
    G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows Activator/RockXP4.exe/data.rar/pwdump2/pwdump2.exe Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
    G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows Activator/RockXP4.exe/data.rar/pwdump2/samdump.dll Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
    G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows Activator/RockXP4.exe/data.rar/RockXP4_.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows Activator/RockXP4.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows Activator/RockXP4.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows.PatcherP5575987.rar/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows.PatcherP5575987.rar/keyfinder.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows.PatcherP5575987.rar/keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\Miikka\Programs\Windows XP Genuine.rar/Windows XP Genuine/Windows.PatcherP5575987.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\Miikka\Programs\Windows XP Genuine.rar RAR: infected - 9 skipped
    G:\Miikka\Temponary\Adobe PhotoShop CS2.rar/Setup.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.q skipped
    G:\Miikka\Temponary\Adobe PhotoShop CS2.rar/Setup.exe Infected: Trojan-Downloader.NSIS.Agent.q skipped
    G:\Miikka\Temponary\Adobe PhotoShop CS2.rar RAR: infected - 2 skipped
    G:\Miikka\Temponary\BLMInstall277.exe/file31 Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
    G:\Miikka\Temponary\BLMInstall277.exe Inno: infected - 1 skipped
    G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP9\A0001783.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP9\A0001783.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP9\A0001783.exe RarSFX: infected - 2 skipped
    G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP9\A0001783.exe PE_Patch.UPX: infected - 2 skipped
    G:\System Volume Information\_restore{6510A0FD-CB9B-4A16-993F-AFF9CB8E089A}\RP9\A0001786.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    G:\System Volume Information\_restore{AF813549-533A-4A7D-8E73-D872726D0B1E}\RP72\A0024541.exe/data.rar/xpkey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\System Volume Information\_restore{AF813549-533A-4A7D-8E73-D872726D0B1E}\RP72\A0024541.exe/data.rar/officekey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\System Volume Information\_restore{AF813549-533A-4A7D-8E73-D872726D0B1E}\RP72\A0024541.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\System Volume Information\_restore{AF813549-533A-4A7D-8E73-D872726D0B1E}\RP72\A0024541.exe RarSFX: infected - 3 skipped
    G:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP4\change.log Object is locked skipped
    G:\System Volume Information\_restore{F094107F-8642-4A6B-894B-BDF3D9FAEA85}\RP10\A0006332.exe/data.rar/xpkey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\System Volume Information\_restore{F094107F-8642-4A6B-894B-BDF3D9FAEA85}\RP10\A0006332.exe/data.rar/officekey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\System Volume Information\_restore{F094107F-8642-4A6B-894B-BDF3D9FAEA85}\RP10\A0006332.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    G:\System Volume Information\_restore{F094107F-8642-4A6B-894B-BDF3D9FAEA85}\RP10\A0006332.exe RarSFX: infected - 3 skipped
    J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011281.exe/data.rar/xpkey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011281.exe/data.rar/officekey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011281.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011281.exe RarSFX: infected - 3 skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011367.exe Object is locked skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011417.exe Object is locked skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011427.exe Object is locked skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011430.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011430.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011430.exe RarSFX: infected - 2 skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011430.exe PE_Patch.UPX: infected - 2 skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011506.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011577.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011577.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011577.exe NSIS: infected - 2 skipped
    J:\System Volume Information\_restore{12E9A97F-1BE8-49B3-B71B-AE4EEF54CFB6}\RP28\A0011595.exe Object is locked skipped
    J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013205.exe Object is locked skipped
    J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013211.exe Object is locked skipped
    J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013290.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013339.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013339.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    J:\System Volume Information\_restore{1E5AEC94-4EDC-4D18-8C01-A5B4B96F0720}\RP84\A0013339.exe NSIS: infected - 2 skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017714.exe/data.rar/officekey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017714.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017714.exe RarSFX: infected - 2 skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017911.exe Object is locked skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017921.exe Object is locked skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017925.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017925.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017925.exe RarSFX: infected - 2 skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0017925.exe PE_Patch.UPX: infected - 2 skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018002.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018058.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018058.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018058.exe NSIS: infected - 2 skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018134.exe/data.rar/xpkey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018134.exe/data.rar/officekey.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018134.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018134.exe RarSFX: infected - 3 skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018150.exe/data.rar/pwdump2/pwdump2.exe Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018150.exe/data.rar/pwdump2/samdump.dll Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018150.exe/data.rar/RockXP4_.exe Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018150.exe/data.rar Infected: not-a-virus:pSWTool.Win32.RAS.a skipped
    J:\System Volume Information\_restore{962CABCF-5B3E-4E9E-84B6-B6951A7CF70C}\RP72\A0018150.exe RarSFX: infected - 4 skipped
    J:\System Volume Information\_restore{B40795E6-7884-4A7B-8B8E-9B27A5D85169}\RP4\change.log Object is locked skipped
    J:\System Volume Information\_restore{E5FD512E-C371-474A-9BDA-799C2EDF426D}\RP7\A0002262.exe Object is locked skipped

    Scan process completed.

    Would you happen to know of a program where you just enter a path and the program deletes that file/folder and makes a backup of it?
     
  15. Auttaja

    Auttaja Guest

    Yep.. there are certainly some of those around.


    Stay clean

    -> Clear System Restore -> Instructions
    Empty the System Restore folder and create a new restore point. This cleans possible malware remnants out of the restore folder.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Clean temporary files and folders with it regularly.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing on your computer. Uses no memory!
    A guide is available in Finnish! Guide by user Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your computer from connecting to malicious sites.
    A guide is available in Finnish! Guide by user Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your computer with it regularly.
    and escan is good too http://koti.mbnet.fi/pattaya1/escanmwav.htm

    -> Keep your software up to date. -> Secunia Software Inspector
    Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.

    -> Regularly follow the Finnish Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI

    If you run into malware problems in the future, don't hesitate to post a HijackThis log for checking!
     
