HJT log: Is the machine clean?

Thread in the Viruses and malware - HijackThis logs section. Thread started by jusa_92 on 03.09.2006.

Thread status:
The thread is closed.
  1. jusa_92

    jusa_92 Member

    Joined:
    12.03.2006
    Posts:
    17
    Thanks:
    0
    Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 15:48:55, on 3.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Omistaja\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mcrbiukazdnco.org/Ofn76g50xwm7LgiNsvOF/u4LoxITO7YTRtCx6ebB4zFLuFDF67ffC1G0MbZoBrwt.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
    O2 - BHO: (no name) - {EADCC17F-7CAE-6AE6-0AD5-8F3D83AC4048} - C:\DOCUME~1\Omistaja\APPLIC~1\PingLogo\does chic.exe
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
    O4 - HKLM\..\Run: [hold bias active tray] C:\Documents and Settings\All Users\Application Data\EachMediaHoldBias\Timeonce.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [BallCurb] C:\DOCUME~1\Omistaja\APPLIC~1\BOOKLI~1\Win Upload Global.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  3. kairis

    kairis Regular member

    Joined:
    01.06.2003
    Posts:
    277
    Thanks:
    0
    Points:
    26
    Hi. Let's clean up a bit:
    Download New.netfix
    http://noahdfear.geekstogo.com/click counter/click.php?id=9
    • Save the file to your desktop.
    • Double-click it, then click Start to extract its contents into its own folder.
    • Open the new folder and double-click the RunThis.bat file to run the tool.
    • Follow the instructions and post the contents of the new.net.txt file in your next post.

    In addition:
    Download NoLop to your desktop from one of the following links...
    http://www.spywareedge.net/nolop/NoLop.exe
    http://www.spywaretimes.com/Tools/download/21/chk,ed0778d88843ca2625ab6208a197bcc5/
    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16
    • Close all programs, because this step requires a restart
    • Double-click NoLop.exe to run it
    • Click the "Search and Destroy" button
      <<Your computer will be scanned for infected files>>
    • When the scan is finished, you will be asked to restart the computer if an infection is found. Click OK
    • Click the "REBOOT" button.
    • NoLop should display a message. If it does not, double-click the program and it will finish. Post the contents of the C:\NoLop.log file together with a new HijackThis log.
     
    Last edited: 03.09.2006
  4. jusa_92

    OK, here is the HijackThis log after the cleanups, and can that NoLop program also be run on this better computer of ours?

    Logfile of HijackThis v1.99.1
    Scan saved at 19:33:10, on 3.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Omistaja\Työpöytä\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
    O2 - BHO: (no name) - {EADCC17F-7CAE-6AE6-0AD5-8F3D83AC4048} - C:\DOCUME~1\Omistaja\APPLIC~1\PingLogo\does chic.exe (file missing)
    O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [hold bias active tray] C:\Documents and Settings\All Users\Application Data\EachMediaHoldBias\Timeonce.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BallCurb] C:\DOCUME~1\Omistaja\APPLIC~1\BOOKLI~1\Win Upload Global.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  5. kairis

    Put HijackThis in its own directory, e.g. like this: c:\hjt\hijackthis.exe, that way the backups work.
    Sure, you can run NoLop on the other computer. By the way, did you run NoLop on this computer?

    You still have a Lop infection, so we will use this:
    Download Findlop
    http://metallica.geekstogo.com/findlop.zip
    Extract the zip and double-click findlop.bat
    The log is here -> C:\findlop.txt.
    Post that log and a new HJT log.
     
    Last edited: 04.09.2006
  6. jusa_92

    OK, here come the logs!

    Logfile of HijackThis v1.99.1
    Scan saved at 15:14:28, on 4.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Omistaja\Työpöytä\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
    O2 - BHO: (no name) - {EADCC17F-7CAE-6AE6-0AD5-8F3D83AC4048} - C:\DOCUME~1\Omistaja\APPLIC~1\PingLogo\does chic.exe (file missing)
    O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [hold bias active tray] C:\Documents and Settings\All Users\Application Data\EachMediaHoldBias\Timeonce.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BallCurb] C:\DOCUME~1\Omistaja\APPLIC~1\BOOKLI~1\Win Upload Global.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe



    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 1200 series#1091107627
    .job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe'
    Parameters: '-I "#Hewlett-Packard#hp psc 1200 series#1091107627"'
    WorkingDirectory: ''
    Comment: ''
    Creator: 'Omistaja'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 00/00/0000 0:00:00
    NextRun: 00/00/0000 0:00:00
    StartError: SCHED_S_TASK_HAS_NOT_RUN
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 1
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    No triggers
     
  7. kairis

    Close your browsers and other programs, start HijackThis, and click "Do a system scan only".
    Check these lines and press Fix checked:

    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
    O2 - BHO: (no name) - {EADCC17F-7CAE-6AE6-0AD5-8F3D83AC4048} - C:\DOCUME~1\Omistaja\APPLIC~1\PingLogo\does chic.exe (file missing)
    O4 - HKCU\..\Run: [BallCurb] C:\DOCUME~1\Omistaja\APPLIC~1\BOOKLI~1\Win Upload Global.exe
    O4 - HKLM\..\Run: [hold bias active tray] C:\Documents and Settings\All Users\Application Data\EachMediaHoldBias\Timeonce.exe

    Next, delete the following folders/files, for example via My Computer (if they exist):
    C:\Program Files\NewDotNet << that one
    C:\DOCUME~1\Omistaja\APPLIC~1\PingLogo << that one
    C:\DOCUME~1\Omistaja\APPLIC~1\BOOKLI~1\Win Upload Global.exe << that one
    C:\Documents and Settings\All Users\Application Data\EachMediaHoldBias << that one
    Empty the Recycle Bin.

    -> Download and install Ewido Anti-Spyware 4.0
    http://aaxxeell.googlepages.com/ewido4
    Start Ewido Anti-Spyware
    Click the Update icon at the top of the window
    Click the Start update button
    Wait for the updates to download and install.

    • When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    • When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    • Then, under the "Reports" menu:
    • Tick "Automatically generate report after every scan"
    • Untick "Only if threats were found"
    • Close the program, DO NOT scan yet.
    Boot your computer into Safe Mode, http://www.virustorjunta.net/module...Yleisohjeita+ongelmatilanteiden+ratkaisuun#37
    NOTE! Do not use other programs during the Ewido scan, as this may interfere with the scan.
    • Once you are in Safe Mode, start Ewido Anti-Spyware.
    • Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    • Ewido will now start scanning the computer; be patient, because the scan takes time. When the scan is finished: IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    • Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and choose Quarantine from the popup menu.
    • You will be asked what to do if infections were found; choose "Apply all actions" http://img86.imageshack.us/img86/4586/scan1nx.jpg
    • Then click the "Reports" icon at the top of the program.
    • Click the "Save report as" button at the bottom left of the window and save the report to your desktop. Close the program.
    Restart the computer in normal mode.
    Post a new HJT log and the Ewido report.
     
    Last edited: 04.09.2006
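
One way to confirm that the "Fix checked" step above took effect is to compare the fix list against a later HijackThis log. This is an added example, not part of the original thread: the function names are my own, and the embedded excerpts are copied from the fix list and from the logs posted in this thread at 15:14:28 and 17:45:38 on 4.9.2006.

```python
import re

# A HijackThis entry is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] path".
# Headers and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
MISSING_SUFFIX = " (file missing)"


def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log.

    The "(file missing)" marker is dropped and case is folded, so the same
    registry entry compares equal before and after its file was deleted.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, blank line or running-process path
        section, detail = match.group(1), match.group(2)
        if detail.endswith(MISSING_SUFFIX):
            detail = detail[: -len(MISSING_SUFFIX)]
        entries.add((section, detail.casefold()))
    return entries


def verify_fix(fix_list_text, later_log_text):
    """Return (gone, remaining): fix-list entries absent from / still in the later log."""
    wanted = parse_entries(fix_list_text)
    later = parse_entries(later_log_text)
    return sorted(wanted - later), sorted(wanted & later)


def new_entries(before_log_text, after_log_text):
    """Entries that appear only in the later log (worth a second look)."""
    return sorted(parse_entries(after_log_text) - parse_entries(before_log_text))


# The four lines the helper asked to tick before pressing "Fix checked".
FIX_LIST = r"""
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
O2 - BHO: (no name) - {EADCC17F-7CAE-6AE6-0AD5-8F3D83AC4048} - C:\DOCUME~1\Omistaja\APPLIC~1\PingLogo\does chic.exe (file missing)
O4 - HKCU\..\Run: [BallCurb] C:\DOCUME~1\Omistaja\APPLIC~1\BOOKLI~1\Win Upload Global.exe
O4 - HKLM\..\Run: [hold bias active tray] C:\Documents and Settings\All Users\Application Data\EachMediaHoldBias\Timeonce.exe
"""

# Excerpt of the log saved at 15:14:28 (before the fix).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
O2 - BHO: (no name) - {EADCC17F-7CAE-6AE6-0AD5-8F3D83AC4048} - C:\DOCUME~1\Omistaja\APPLIC~1\PingLogo\does chic.exe (file missing)
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [hold bias active tray] C:\Documents and Settings\All Users\Application Data\EachMediaHoldBias\Timeonce.exe
O4 - HKCU\..\Run: [BallCurb] C:\DOCUME~1\Omistaja\APPLIC~1\BOOKLI~1\Win Upload Global.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the log saved at 17:45:38 (after the fix and the Ewido scan).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    gone, remaining = verify_fix(FIX_LIST, AFTER_LOG)
    print(f"fixed entries gone: {len(gone)}, still present: {len(remaining)}")
    for section, detail in remaining:
        print("STILL PRESENT:", section, "-", detail)
    for section, detail in new_entries(BEFORE_LOG, AFTER_LOG):
        print("NEW SINCE LAST LOG:", section, "-", detail)
```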
  8. jusa_92

    OK, I've again done what you told me to. Here are the current logs:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:45:38, on 4.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Omistaja\Työpöytä\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 17:36:43 4.9.2006

    + Scan result:



    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Adware.Delfin : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Mvu -> Adware.Delfin : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\picsvr -> Adware.Delfin : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3729485476-295928025-3183010487-1003\Software\Mvu -> Adware.Delfin : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3729485476-295928025-3183010487-1003\Software\picsvr -> Adware.Delfin : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nsvsvc\nsv.ocx -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nsvsvc\nsvs.dll -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
    C:\WINDOWS\lbbho.dll -> Adware.Neon : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall4_85.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall6_30.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Tldctl2.URLLink -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1 -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CurVer -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3729485476-295928025-3183010487-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3729485476-295928025-3183010487-1003\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Adware.WebRebates : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Adware.WebRebates : Cleaned with backup (quarantined).
    :mozilla.30:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    :mozilla.33:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    :mozilla.179:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.87:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.88:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.89:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.90:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.91:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.46:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Omistaja\Cookies\omistaja@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.64:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.58:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.60:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.61:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.62:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.63:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.68:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.71:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    :mozilla.136:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.137:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.138:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.140:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.55:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.56:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.57:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.59:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.83:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.84:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.85:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.41:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.42:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.49:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.50:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.51:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.52:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.53:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.171:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.172:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.173:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.174:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.65:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.66:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.159:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.160:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.161:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.162:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.163:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.164:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
    :mozilla.44:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.45:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.258:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.259:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.261:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.262:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.263:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.264:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    :mozilla.260:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    :mozilla.47:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.48:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\default.haw\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


    ::Report end
     
  9. kairis

    Hi. Everything looks good now.

    Here are a few tips to keep your computer clean:

    -> Use CCleaner -> http://www.ccleaner.com/downloadbuilds.asp
    I recommend choosing the CCleaner v1.30.310 - Basic option on the download page, which does NOT include the Yahoo toolbar!

    * if you want to use it, change the following setting:
    Options (Valinnat) --> Advanced (Lisäasetukset) --> Untick "Delete only temporary files older than 48 hours" (Poista vain yli 48 tuntia vanhat tilapäistiedostot).
    A guide to using CCleaner can be found at
    http://www.nefernetti.com/ccleaner_opas.htm

    -> Install SpywareBlaster ->
    http://www.javacoolsoftware.com/spywareblaster.html
    SpywareBlaster prevents malware from installing on your computer. It does not use memory!
    A guide is available in Finnish! Guide by the user Ad-Aware:
    http://koti.mbnet.fi/pattaya1/spywareblaster.htm

    -> Install the MVPS Hosts file ->
    http://mvps.org/winhelp2002/hosts.htm
    Blocks your computer from connecting to malicious sites.
    A guide is available in Finnish! Guide by the user Axel

    -> Switch your browser to Firefox ->
    http://www.mozilla.fi
    Firefox is a faster, safer and better browser than Internet Explorer.
    Also available in Finnish!

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your computer with it regularly.
     
  10. jusa_92

    Yeah, thanks a lot!
     