Troijalainen kiusaa,hit log

Jonee · 15.06.2009

Aviran varoitus ponnahtaa vähänväliä näyttöön TR/Agent.alos

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:54 PM, on 6/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SeekappSrch\seekapp.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Spotify\spotify.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2088347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\xxyYsTjK.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: qs Class - {8A555E0E-6240-DD93-198D-45F571D4FD9B} - C:\Program Files\altcmd\altcmd32.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [iconcache] c:\windows\vcp_temp\iconcache\icon.bat
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE
O4 - HKLM\..\Run: [Windows Updater] C:\WINDOWS\TEMP\System.exe
O4 - HKLM\..\Run: [Language_Shortcut] C:\WINDOWS\TEMP\IEXPLORE.EXE
O4 - HKLM\..\Run: [SYSTRAY_UPDATE] C:\WINDOWS\TEMP\systray.exe
O4 - HKLM\..\Run: [RUNDLL32] C:\WINDOWS\TEMP\rundll32.exe
O4 - HKLM\..\Run: [Microsoft Security Interface] C:\WINDOWS\TEMP\msi.exe
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Tony\svchost.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Tony\judui\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Tony\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: xxyYsTjK - C:\WINDOWS\SYSTEM32\xxyYsTjK.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Tehtävien ajoitus (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8696 bytes

AfterDawn

kalminen · 15.06.2009

Aika paha !!!

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä kone vikasietotilaan => OHJE
Laita piilotiedostot näkyviin =>vikasiedossa OHJE

- Tuplakilikkaa työpöydälle ladattua SDFix.exe tiedostoa. Tiedosto purkaantuu ja asentaa itsensä siihen levyasemaan, minne on käyttöjärjestelmä on asennettu ja juureen ilmestyy kansio SDFix, ESIM C:\SDFix
Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.cmd tai RunThis.bat käynnistääksesi ohjelman.
Paina Y käynnistääksesi skriptin.
Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.

Lopuksi avaa SDFix kansio ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.

Mitä sulla on palomuurina ???
.

Kenttu · 15.06.2009

Kirjottelin tuon ensimmäisen viestin kaverin tunnuksilla(jonee)ja nyt omalla.

Windowsin palomuuri on ainakin.

SDFix: Version 1.240
Run by Tony on Mon 06/15/2009 at 01:35 PM

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Resetting SecurityProviders Value
Restoring Default Schedule Service Path
Resetting AppInit_DLLs value

Rebooting

Checking Files :

Trojan Files Found:

C:\Documents and Settings\Tony\Local Settings\Temp\ubi61.tmp.exe - Deleted
C:\Program Files\altcmd\altcmd.inf - Deleted
C:\Program Files\altcmd\uninstall.bat - Deleted
C:\WINDOWS\system32\wowfx.dll - Deleted

Folder C:\Program Files\altcmd - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 13:46:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a7,3d,40,e2,dc,52,83,d3,1b,22,f2,4a,3d,70,93,1b,72,01,b7,59,2e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ae,ef,90,d8,97,29,75,f0,4a,4d,50,3c,8e,a5,88,76,c0,..
"khjeh"=hex:f6,f2,1d,38,c0,66,0a,ae,49,82,3a,2d,12,ba,88,6d,86,f4,9c,e5,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:72,90,f7,26,fc,6a,e8,3e,63,c1,93,05,2c,c5,ae,dd,e3,0c,34,d0,f0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:0e,2f,cc,69,52,a4,73,60,21,e8,23,1a,7c,5b,14,df,e7,1b,d1,76,50,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a7,3d,40,e2,dc,52,83,d3,1b,22,f2,4a,3d,70,93,1b,72,01,b7,59,2e,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ae,ef,90,d8,97,29,75,f0,4a,4d,50,3c,8e,a5,88,76,c0,..
"khjeh"=hex:f6,f2,1d,38,c0,66,0a,ae,49,82,3a,2d,12,ba,88,6d,86,f4,9c,e5,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:72,90,f7,26,fc,6a,e8,3e,63,c1,93,05,2c,c5,ae,dd,e3,0c,34,d0,f0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:0e,2f,cc,69,52,a4,73,60,21,e8,23,1a,7c,5b,14,df,e7,1b,d1,76,50,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Steam\\steamapps\\beyerdynamic\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\beyerdynamic\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Tony\\Pelit\\GTA_IV\\asennettu\\Grand Theft Auto IV\\GTAIV.exe"="C:\\Tony\\Pelit\\GTA_IV\\asennettu\\Grand Theft Auto IV\\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Tony\\Pelit\\Combat Arms EU\\CombatArms.exe"="C:\\Tony\\Pelit\\Combat Arms EU\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Tony\\Pelit\\Combat Arms EU\\Engine.exe"="C:\\Tony\\Pelit\\Combat Arms EU\\Engine.exe:*Enabled:Engine.exe"
"C:\\Tony\\Pelit\\Combat Arms EU\\NMService.exe"="C:\\Tony\\Pelit\\Combat Arms EU\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"="C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\\Documents and Settings\\Tony\\Local Settings\\Temp\\Blizzard Launcher Temporary - 68e76628\\Launcher.exe"="C:\\Documents and Settings\\Tony\\Local Settings\\Temp\\Blizzard Launcher Temporary - 68e76628\\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\\Tony\\Pelit\\AOE\\age3.exe"="C:\\Tony\\Pelit\\AOE\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Tony\\Pelit\\cod2\\CoD2MP_s.exe"="C:\\Tony\\Pelit\\cod2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:EnablednkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:EnablednkBstrB"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"
"C:\\Tony\\Pelit\\midnight club 2\\mc2.exe"="C:\\Tony\\Pelit\\midnight club 2\\mc2.exe:*:Enabled:mc2"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Tony\\Pelit\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Tony\\Pelit\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"="C:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\\Tony\\Pelit\\GTA_IV\\asennettu\\Grand Theft Auto IV\\LaunchGTAIV.exe"="C:\\Tony\\Pelit\\GTA_IV\\asennettu\\Grand Theft Auto IV\\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\\Tony\\Pelit\\World of Warcraft\\Launcher.exe"="C:\\Tony\\Pelit\\World of Warcraft\\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\\Tony\\Pelit\\formulapeli\\MNK\\LFS.exe"="C:\\Tony\\Pelit\\formulapeli\\MNK\\LFS.exe:*:Enabled:LFS"
"C:\\demigod\\bin\\Demigod.exe"="C:\\demigod\\bin\\Demigod.exe:*:Enabledemigod Application"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\\Tony\\Pelit\\Burnout paradise\\BurnoutLauncher.exe"="C:\\Tony\\Pelit\\Burnout paradise\\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\\Tony\\Pelit\\Burnout paradise\\BurnoutConfigTool.exe"="C:\\Tony\\Pelit\\Burnout paradise\\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\\Tony\\Pelit\\Burnout paradise\\BurnoutParadise.exe"="C:\\Tony\\Pelit\\Burnout paradise\\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
"C:\\Tony\\Pelit\\[PC] Tom Clancy's Splinter Cell Double Agent [RIP] [dopeman]\\TCSCDA\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Tony\\Pelit\\[PC] Tom Clancy's Splinter Cell Double Agent [RIP] [dopeman]\\TCSCDA\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\\Tony\\Pelit\\splinter cell doubleagent\\TCSCDA\\SCDA-Offline\\System\\SplinterCell4.exe"="C:\\Tony\\Pelit\\splinter cell doubleagent\\TCSCDA\\SCDA-Offline\\System\\SplinterCell4.exe:*:Enabled:SplinterCell4"
"C:\\Tony\\Pelit\\Left 4 dead\\Left 4 Dead\\left4dead.exe"="C:\\Tony\\Pelit\\Left 4 dead\\Left 4 Dead\\left4dead.exe:*:Enabled:left4dead"
"C:\\Tony\\Pelit\\Mirror's Edge-RELOADED\\asennettu\\Binaries\\MirrorsEdge.exe"="C:\\Tony\\Pelit\\Mirror's Edge-RELOADED\\asennettu\\Binaries\\MirrorsEdge.exe:*:Enabled:Mirror's EdgeT"
"C:\\Program Files\\Spotify\\spotify.exe"="C:\\Program Files\\Spotify\\spotify.exe:*:Enabled:Spotify"
"C:\\Tony\\Pelit\\ra3\\Data\\ra3_1.0.game"="C:\\Tony\\Pelit\\ra3\\Data\\ra3_1.0.game:*:Enabled:Command & ConquerT Red AlertT 3"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabledxpsp2res.dll,-22019"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:Enabledxpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\nvsvc32.exe"="C:\\WINDOWS\\system32\\nvsvc32.exe:*:Enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*isabled:Internet Explorer"
"C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"="C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe:*:Enabledxpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabledxpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Tony\\Pelit\\Combat Arms EU\\CombatArms.exe"="C:\\Tony\\Pelit\\Combat Arms EU\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Tony\\Pelit\\Combat Arms EU\\Engine.exe"="C:\\Tony\\Pelit\\Combat Arms EU\\Engine.exe:*Enabled:Engine.exe"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabledxpsp2res.dll,-22019"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:Enabledxpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\nvsvc32.exe"="C:\\WINDOWS\\system32\\nvsvc32.exe:*:Enabledxpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"="C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe:*:Enabledxpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabledxpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 5 Jun 2009 2,220 ...HR --- "C:\Documents and Settings\Tony\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:29 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\SeekappSrch\seekapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2088347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [iconcache] c:\windows\vcp_temp\iconcache\icon.bat
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE
O4 - HKLM\..\Run: [Language_Shortcut] C:\WINDOWS\TEMP\IEXPLORE.EXE
O4 - HKLM\..\Run: [SYSTRAY_UPDATE] C:\WINDOWS\TEMP\systray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Tony\judui\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7524 bytes

kalminen · 15.06.2009

OK !!!

Tämä kansio bittien taivaaseen => C:\SDFix\
ja työpöydältä SDFix.exe

---------------------------------------------------

Asenna koneellesi YKSI palomuuriohjelma NYT:

1) ZoneAlarm
(Asennuksessa poista rasti kohdasta "Include a ZoneAlarm Spy Blocker", koska tämä työkalupalkki ei ole suositeltava.
2) Agnitum
3) Sunbelt/Kerio
4) Comodo
(Asennuksessa poista rasti kohdista "Install Comodo SafeSurf..", Make Comodo my default
search provider" ja "Make Comodo Search my homepage". Nämä eivät ole suositeltavia.
Ota asennuksessa rasti myös pois kohdasta "Install Comodo Antivirus", jos käytät muuta
virustorjuntaa.)

Jos käytät sisäänrakennettua Windowsin palomuuria, se ei ole suositeltua sillä se ei
estä koneelta ulosmeneviä yhteyksiä. Tämä tarkoittaa että mikä tahansa haittaohjelma
koneellasi on vapaa tekemään mitä tahansa internet -yhteydelläsi. Yksinkertaisesti
sanottuna, Windows XP sisältää keskivertoa huonomman palomuurin. Tämä palomuuri EI ole
mikään korvike omistautuneelle palomuuriratkaisulle. Muista käyttää vain yhtä
palomuuria kerrallaan.

----------------------------------------------------------------

* Lataa Otmoveit3 by OldTimer.
* Tallenna se työpöydällesi.
* Tuplaklikkaa OTMoveIt3.exe käynnistääksesi sen.
* Kopioi (CTRL+C) alla olevasta laatikosta kaikki teksti.[/list]
Koodi:
:files
C:\WINDOWS\TEMP\CSRSS.EXE
C:\WINDOWS\TEMP\IEXPLORE.EXE
C:\WINDOWS\TEMP\systray.exe
:commands 
[emptytemp]  
* Palaa takaisin OtmoveIt3, paina oikeanpuoleista hiiren nappia Paste Instructions for Items to be Move-ikkunassa (Keltaisen palkin alla) ja paina Liitä.
* Paina punaista MoveIt! -nappia.
* Kopioi (CTRL+C) ja liitä (CTRL+V) Results-ikkunaan (Vihreän palkin alla) tullut teksti seuraavaan viestiisi.
* Sulje OTMoveIt3.

Jos jotain tiedostoa/kansiota ei voitu siirtää heti, ohjelma ehdottaa koneen uudelleenkäynnistystä. Vastaa ehdotukseen Yes, jolloin OtMoveIt käynnistää koneesi uudelleen.

*********************************************************

Poista ne rivit jotka ovat vielä jäljellä:
Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2088347
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE
O4 - HKLM\..\Run: [Language_Shortcut] C:\WINDOWS\TEMP\IEXPLORE.EXE
O4 - HKLM\..\Run: [SYSTRAY_UPDATE] C:\WINDOWS\TEMP\systray.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* OTMoveIt logi. raportti
*
*

Kenttu · 15.06.2009

Millä poistan tai mistä ja mitkä rivit?

Poista ne rivit jotka ovat vielä jäljellä:
Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2088347
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE
O4 - HKLM\..\Run: [Language_Shortcut] C:\WINDOWS\TEMP\IEXPLORE.EXE
O4 - HKLM\..\Run: [SYSTRAY_UPDATE] C:\WINDOWS\TEMP\systray.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

kalminen · 15.06.2009

Poista ne rivit jotka ovat vielä jäljellä:

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)

Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

????
.

Kenttu · 15.06.2009

Juu tajusin just ku kirjotin sen.

Mut tos ois noi logit.

========== FILES ==========
File/Folder C:\WINDOWS\TEMP\CSRSS.EXE not found.
File/Folder C:\WINDOWS\TEMP\IEXPLORE.EXE not found.
File/Folder C:\WINDOWS\TEMP\systray.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Tony\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tony\LOCALS~1\Temp\Sivuhistoria\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tony\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tony\LOCALS~1\Temp\~DF4B4C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4c8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT036eb.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.

OTM by OldTimer - Version 2.1.0.1 log created on 06152009_151331

Files moved on Reboot...
C:\DOCUME~1\Tony\LOCALS~1\Temp\~DF12E7.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_4c8.dat not found!
File C:\WINDOWS\temp\ZLT04481.TMP not found!
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.

Registry entries deleted on Reboot...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:38 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SeekappSrch\seekapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [iconcache] c:\windows\vcp_temp\iconcache\icon.bat
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Tony\judui\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6832 bytes

kalminen · 15.06.2009

Oikein hyvä !!!

Täältä, kun saadaan puhtaan paperit niin OK:

Lataa Malwarebytes' Anti-Malware työpöydällesi.

* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
* Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
* Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
* Kun skanni on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt

* Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.
.

Kenttu · 15.06.2009

Selvä.
joudun poistumaan koneelta hetkeksi mutta laitan login kun kerkiän.

kalminen · 15.06.2009

OK ei kiirettä pahin on voitettu D:

Kenttu · 15.06.2009

No niin täs ois nyt nää logit.

Malwarebytes' Anti-Malware 1.37
Tietokantaversio: 2283
Windows 5.1.2600 Service Pack 3

6/15/2009 9:07:22 PM
mbam-log-2009-06-15 (21-07-22).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 177413
Kulunut aika: 1 hour(s), 23 minute(s), 8 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 8
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 2
Saastuneita hakemistoja: 5
Saastuneita tiedostoja: 7

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\iyhflbzh1.qs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iyhflbzh1.qs.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8a555e0e-6240-dd93-198d-45f571d4fd9b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digest32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: snapapi32.dll -> Quarantined and deleted successfully.

Saastuneita hakemistoja:
C:\WINDOWS\system32\append.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xlib254.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\All Users\Application Data\Seekapp (Adware.Seekapp) -> Quarantined and deleted successfully.
c:\documents and settings\Tony\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\Tony\application data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
c:\documents and settings\all users\application data\Seekapp\seekapp122.exe (Adware.SeekApp) -> Quarantined and deleted successfully.
c:\system volume information\_restore{efda5835-1153-404c-8f67-8700157f5577}\RP114\A0022094.dll (Adware.NetPumper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wowfx.VIR (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Tony\application data\RegTool\Logs\2009-01-07 18-47-500.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digest32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\snapapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:03 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SeekappSrch\seekapp.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Tony\Pelit\AOE\age3.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [iconcache] c:\windows\vcp_temp\iconcache\icon.bat
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Tony\judui\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6843 bytes

turpek2 · 15.06.2009

sitä se waretus teetää
Edit:tässä todisteet =P
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Tony\\Pelit\\Mirror's Edge-RELOADED\\asennettu\\Binaries\\MirrorsEdge.exe"="C:\\Tony\\Pelit\\Mirror's Edge-RELOADED\\asennettu\\Binaries\\MirrorsEdge.exe:*:Enabled:Mirror's EdgeT"
ei ostetussa peleissä tule Mirror's Edge-RELOADED kansiota
Omistan kyseisen pelin eikä missään lue RELOADED.. =D
No mutta se on ihan sama SORI tää offTopikki mut oli PAKKO mainita =P

warwas · 15.06.2009

turpek2 sanoi:

sitä se waretus teetää
Laajenna...

Miten yhdistät tämän wareen?
Arvelu EI kelpaa, faktoja kehiin tai se uitun turpa kiinni!

kalminen · 16.06.2009

Senverran otan kantaa tuohon Waretukseen, että jos omistaa puukon
eitee ihmisestä murhaajaa.

Näyttö Waretuksesta on mahdotonta. Kone on juuri ostettu käytettynä
ja siivotaan sitä kuntoon.

Piraatti Windows jota ei saa edes päivitettyä niitä en viitsi Fixsata.

-----------------------------------------

=> Kenttu:

*************************************************************

Käynnistä Malwarebytes => Karanteeni välileti ja tyhjennä roskat.

**********************************************************

Siksipaljon oli pahiksia, että pitäis ajaa =>

Lataa Atribunen ATF Cleaner

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.

Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.

Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.

Klikkaa Exit päävalikosta sulkeaksesi ohjelman.

----------------------------------------------

Skannaa koneesi Kaspersky Online Skannerilla

* Lue läpi vaatimukset ja yksityisyyssäännökset ja klikkaa Accept.
* Skannerin ja virustietokannan lataus alkaa. Sinulta kysytään sallitko Kasperskyltä tulevan ohjelman asentamisen. Klikkaa Aja/Run.
* Kun lataus on valmis, klikkaa Settings.
* Varmistu, että seuraavat kohdat on valittu. Jos ne eivät ole, valitse ne ja klikkaa Save: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases

* Klikkaa Oma Tietokone, My Computer Scan-kohdan alapuolelta.
* Kun tarkistus on valmis, tulokset näytetään. Klikkaa View Scan Report.
* Näet listan saastuneista kohteista. Klikkaa Save Report As....
* Tallenna tiedosto työpöydällesi. Muuta Tiedostotyyppi/Files of type muotoon Tekstitiedosto/Text file(.txt) ennen kuin klikkaat Save.

* Kopioi ja liitä tiedoston sisältö seuraavaan vastaukseesi uuden HijackThis-lokin kera

.

Kenttu · 16.06.2009

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 16, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 16, 2009 15:35:13
Records in database: 2351533
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 87070
Threat name: 2
Infected objects: 1
Suspicious objects: 2
Duration of the scan: 01:57:07

File name / Threat name / Threats count
C:\Documents and Settings\Tony\Application Data\FileSubmit\5248\install\5B4D055\5248.msi Suspicious: Trojan-Downloader.JS.gen 2
C:\WINDOWS\Installer\1825dbf.msi Infected: Trojan-Downloader.VBS.Agent.wk 1

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:57 PM, on 6/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\SeekappSrch\seekapp.exe
C:\Program Files\Spotify\spotify.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-fi.com/fi/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ToggleFI Toolbar - {a95df5b3-97ae-4a89-8e8d-c65ec85f607e} - C:\Program Files\ToggleFI\tbTogg.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [iconcache] c:\windows\vcp_temp\iconcache\icon.bat
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Tony\judui\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6894 bytes

kalminen · 17.06.2009

Hävitä koneeltasi => FileSubmit sydeemi.

* Tuplaklikkaa OTMoveIt3.exe käynnistääksesi sen.
* Kopioi (CTRL+C) alla olevasta laatikosta kaikki teksti.[/list]
Koodi:
:files
C:\Documents and Settings\Tony\Application Data\FileSubmit\5248\install\5B4D055\5248.msi
C:\WINDOWS\Installer\1825dbf.msi
:commands 
[emptytemp] 
* Palaa takaisin OtmoveIt3, paina oikeanpuoleista hiiren nappia Paste Instructions for Items to be Move-ikkunassa (Keltaisen palkin alla) ja paina Liitä.
* Paina punaista MoveIt! -nappia.
* Kopioi (CTRL+C) ja liitä (CTRL+V) Results-ikkunaan (Vihreän palkin alla) tullut teksti seuraavaan viestiisi.
* Sulje OTMoveIt3.

Jos jotain tiedostoa/kansiota ei voitu siirtää heti, ohjelma ehdottaa koneen uudelleenkäynnistystä. Vastaa ehdotukseen Yes, jolloin OtMoveIt käynnistää koneesi uudelleen.

*********************************************************

Seuraavaksi poistamme kaikki käytetyt työkalut roskineen.

* TuplaklikkaaOTMoveIt.exe.
* Klikkaa CleanUp!.
* Valitse Yes kun kysytään "Begin cleanup Process?".
* Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.
* OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.

HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.

--------------------------------------------------------------------------

Lähetä => OTMoveIt logi.

Toimiiko koneesi nyt kunnolla ???
.

Kenttu · 17.06.2009

Kyllähän se tuntuu toimivan ihan moitteettomasti. Paljon kiitoksia.

tässä ois tää logi mutta se on tehty clean upin jälkeen kun ensimmäinen logi hävis tai en muistanu tallentaa sitä.

========== FILES ==========
File/Folder C:\Documents and Settings\Tony\Application Data\FileSubmit\5248\install\5B4D055\5248.msi not found.
File/Folder C:\WINDOWS\Installer\1825dbf.msi not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Tony\LOCALS~1\Temp\~DFA2C6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_45c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT04e40.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx-j scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat-j scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax-j scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax-j scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx-j scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.

OTM by OldTimer - Version 2.1.0.1 log created on 06172009_150837

Files moved on Reboot...
C:\DOCUME~1\Tony\LOCALS~1\Temp\~DFA2C6.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_45c.dat not found!
File C:\WINDOWS\temp\ZLT04e40.TMP not found!
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx-j moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat-j moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax-j moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax-j moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.
C:\Documents and Settings\Tony\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx-j moved successfully.

Registry entries deleted on Reboot...

kalminen · 17.06.2009

Onko sulla virusturva kunnossa ???

Nämä on kevyet lisä suojat:

* Vanha HOSTS tiedosto poistetaan. Käynnistä kone vikasietotilaan => OHJE
Tämä C:\WINDOWS\system32\drivers\etc\HOSTS tiedosto pois
* Käynnistä koneesi normaalitilaan.
* Lataa HOSTS: Täältä Työpöydällesi.
* Pura: hosts.zip C:\WINDOWS\system32\drivers\etc kansioon.

Lopuksi Voit varmistaa, että siellä on HOSTS niminen tiedosto ilman tiedostopäätettä. Koko n.700 kt tai n.1700 kt.
Suoja activoituu seuraavan käynnistyksen yhteydessä.(ei kuormita muistia)

Houstiin päivitykset: Täältä
Mitä HOSTS tekee: Opas Täällä

-----------------------------------------------------

* Asenna SpywareBlaster!
SpywareBlaster estää haittaohjelmien asentumista koneelle.
Lataus ja ohjeet: TÄÄLTÄ

Hyvät kesät sinne
.

Kenttu · 17.06.2009

Voishan nuokin vaikka laittaa ni on ainakin varmasti virusturva kunnossa. Samoin sinne ja kiitokset vielä.

Kirjaudu tai liity jäseneksi

Troijalainen kiusaa,hit log

Jonee Guest

kalminen Regular member

Kenttu Member

kalminen Regular member

Kenttu Member

kalminen Regular member

Kenttu Member

kalminen Regular member

Kenttu Member

kalminen Regular member

Kenttu Member

turpek2 Regular member

warwas Guest

kalminen Regular member

Kenttu Member

kalminen Regular member

Kenttu Member

kalminen Regular member

Kenttu Member

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

Troijalainen kiusaa,hit log

Jonee Guest

kalminen Regular member

Kenttu Member

kalminen Regular member

Kenttu Member

kalminen Regular member

Kenttu Member

kalminen Regular member

Kenttu Member

kalminen Regular member

Kenttu Member

turpek2 Regular member

warwas Guest

kalminen Regular member

Kenttu Member

kalminen Regular member

Kenttu Member

kalminen Regular member

Kenttu Member

Jaa tämä sivu

Hyödyllisiä hakuja