The computer reportedly has some glitch AGAIN. HJT log.

Thread in the Viruses and malware - HijackThis logs section. Thread started by chili80 on 14.02.2007.

  1. chili80

    chili80 Member

    Logfile of HijackThis v1.99.1
    Scan saved at 16:57:40, on 14.2.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: SMS-viesti - {16CAD19D-3F2B-4756-AEC2-57720F888E58} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {5E4AAEE1-7CF1-4730-BDDA-1065E3C80EAB} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {CDD5EE68-F9D9-49BE-B94B-5FA9267CCC59} - http://tuki.elisa.net/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    What is this?
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm

    The machine had Elisa Tietoturvapalvelu (Elisa's security service) on it, but I removed it during the last cleanup.
     
  3. Porshe

    Porshe Regular member

    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm <--- That is a file belonging to the pop-up blocking service of Elisa's security service. So don't remove it =) It looks clean, but have a read of the following: Is your computer slow? Here are a few tips for tuning it.

    Download the program called Startup from here and install it: http://www.mlin.net/files/StartupCPL.zip
    The program appears in your Control Panel under the name Startup. With it you can disable
    unnecessary programs that start when the computer boots. E.g.: Adobe Reader Speed Launch,
    Nero's BgMonitor, Nero FilterCheck, iTunesHelper, Messenger, SoundMan, CTFMON, Winamp Agent,
    Real Player Update (Real Sched), Quicktime, TkBell etc.

    Download CCleaner from here and install it: http://ccleaner.com/download/downloadpage.aspx?1
    When you install this program, do not install the Yahoo toolbar that comes with it. This program
    finds and removes so-called junk files from your computer, e.g. temp files, and with it you can
    also clean your registry.

    Download RegSeeker from here and extract it: http://fileforum.betanews.com/download/RegSeeker/1035382760/1
    Extract it to a folder of your choice and run the file named RegSeeker.exe. In the top right corner of the
    program you will see a 'languages' button; press it and set the language to Finnish! After that, press the
    'Puhdista Rekisteri' (Clean the Registry) button on the left edge and then 'OK'. Wait for the scan to finish and
    press 'valitse' (select) and then 'valitse kaikki' (select all). Then right-click one of the items the program
    found and press 'poista valitut kohteet' (delete selected items), confirm the removal, confirm the creation of a
    backup and restart the computer. If there are any problems, you can restore the backups from the
    'varmuuskopiot' (backups) menu.
     
  4. chili80

    chili80 Member

    But there shouldn't be anything left of Elisa's security service on that machine. It was removed a few months ago.

    I'll look at the machine tomorrow when I can get to it. I have no idea what's wrong with it. The owner just said that something is acting up again. I think they said that it sometimes refuses to close Mozilla windows and that there is some glitch at startup.
     
  5. Porshe

    Porshe Regular member

    Just clean that machine with those programs now. And it's no wonder there are problems at startup when there are 5 programs in there that I would take out myself, but I'm not forcing you to do anything =) Those programs would be: TkBellExe, CTFMON.EXE, SoundMan, Winamp Agent, SunJavaUpdateSched. Java can be updated manually by going to Start -> Settings -> Control Panel -> Java -> Update tab -> Update Now button. And that registry cleanup done by RegSeeker usually helps quite a lot with everything =)
     
  6. chili80

    chili80 Member

    Escan found 97 viruses on the machine in question =( It is still slow, though. Admittedly, I haven't yet had time to remove those few items from startup. Is there some other antivirus program that would be worth scanning the machine with?
     
  7. Hujo

    Hujo Guest

    Post that Escan virus log here.

    Run this:

    Instructions for using AVG Anti-Spyware 7.5
    Note! In these instructions the real-time protection (Shield) is turned off. This avoids situations where the protection would interfere with, for example, the HijackThis tool.

    Save these instructions to a text file or print them, otherwise you won't be able to access them from safe mode.

    Download AVG Anti-Spyware 7.5 from http://www.ewido.net/en/download/
    and save the program to your desktop.
    • Once you have downloaded the program, double-click the installer's shortcut on your desktop and the installation starts.
    • After installation the program must be started and its definitions updated.
    • Start AVG Anti-Spyware.
    • Click the "Update" icon in the main menu. Then click the "Update now" button.

    o Then click the "Start Update" icon, and the update begins.

    • Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    • Once the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    • Then under the "Reports" menu:

    o Tick "Automatically generate report after every scan"
    o Untick "Only if threats were found"

    • Then click the "Shield" icon at the top of the window
    • "Resident shield is": change the state from active to inactive
    • Close the program, do NOT scan yet.
    Boot your computer into safe mode:

    shut down and start up
    tap F8 during startup
    select safe mode with the arrow keys
    press Enter and Enter

    NOTE! Do not use other programs during the AVG scan, as this may interfere with the scan.
    • Once in safe mode, start AVG Anti-Spyware.
    • Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    • Ewido now starts scanning the computer; be patient, as the scan takes time.

    When the scan is finished:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    • Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
    • You will be asked what to do if infections were found; select "Apply all actions" then.
    • Then click the "Reports" icon at the top of the program.
    • Click the "Save report as" button in the bottom left of the window and save the report to the desktop.
    • Close the program, start the computer normally and post the AVG report to your thread.

    C:\hjt\HijackThis.exe <-- rename it to pommi
    Post a new HJT log as well.
     
    Last edited by a moderator: 26.02.2007
  8. chili80

    chili80 Member

    The owner of the machine claimed they couldn't get that virus log copied, so I can't post it :(

    And a dumb question: can old Windows security updates or hotfixes be removed from Add or Remove Programs? And do they even take up any space at all, i.e. is there any point in even removing them?
     
  9. Hujo

    Hujo Guest

    Leave those Windows updates alone.

    Post the log from AVG Anti-Spyware here.

    There in safe mode, delete the folder

    C:\Program Files\Elisa Tietoturvapalvelu

    Does that machine have any problems?


    Copying the Escan virus log

    If something appears in the lower pane, copy it like this:
    Click once in the lower pane.
    Use the command Ctrl+A. <-- selects it
    Copy the lines with the command Ctrl+C. <-- copies it
    Paste the lines with the command Ctrl+V. <-- pastes it

    Post the virus log here.
     
    Last edited by a moderator: 26.02.2007
  10. BolderDaz

    BolderDaz Member

    I'm continuing, on Chili80's behalf, the cleanup of their sister's machine.
    Here is that "short" log.
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:07:57 27.2.2007

    + Scan result:



    C:\System Volume Information\_restore{8F8B89E6-7403-484C-BE05-D5E50B10C18E}\RP80\A0056556.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna\DoctorWeb\Quarantine\A0207715.exe -> Adware.AdURL : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna\mny.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\Program Files\Mozilla Firefox\mny.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/mny.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0190730.dll -> Adware.Comet : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Classes\AutoSearch.AutoSearchObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Classes\AutoSearch.AutoSearchObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Classes\AutoSearch.AutoSearchObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Classes\AutoSearch.AutoSearchObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Classes\AutoSearch.AutoSearchObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Classes\AutoSearch.AutoSearchObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Classes\AutoSearch.AutoSearchObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Classes\AutoSearch.AutoSearchObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna\DoctorWeb\Quarantine\A0187479.exe -> Adware.DollarRevenu : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/windows_e52.exe -> Adware.DollarRevenu : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/Error Safe Free/ESSPChck.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/Error Safe Free/FlFxr15.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/Error Safe Free/FxCore.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/Error Safe Free/InstHelp.exe -> Adware.ErrorSafe : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/Error Safe Free/MMFx.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/Error Safe Free/emptyERSF.exe -> Adware.ErrorSafe : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3713914087-1085326397-1295209744-1005\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SearchUpgrader -> Adware.KeenValue : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SearchUpgrader\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} -> Adware.KeenValue : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0136133.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0136142.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0167313.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187492.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187496.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187497.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187644.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187650.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187661.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{8F8B89E6-7403-484C-BE05-D5E50B10C18E}\RP61\A0041822.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{8F8B89E6-7403-484C-BE05-D5E50B10C18E}\RP61\A0041823.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{8F8B89E6-7403-484C-BE05-D5E50B10C18E}\RP61\A0041824.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{8F8B89E6-7403-484C-BE05-D5E50B10C18E}\RP61\A0041825.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{8F8B89E6-7403-484C-BE05-D5E50B10C18E}\RP61\A0041826.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0207727.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/yz02.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{8F8B89E6-7403-484C-BE05-D5E50B10C18E}\RP85\A0056698.DLL -> Adware.P2PNet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187507.dll -> Adware.PrintView : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/Yinstall.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\VVSN.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\VVSNI_S3_MYEM_Inst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0136153.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0136174.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0138162.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0139158.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0140155.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0141176.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0142166.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0142186.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0143159.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0144133.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0144180.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0145153.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0146152.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0147152.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0149149.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0150160.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0151149.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0152156.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0153234.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0154222.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0155230.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0165251.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187514.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187594.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3713914087-1085326397-1295209744-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\Install.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\Tem1DFB.tmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\Tem404.tmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\Tem40F.tmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\Tem417.tmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\Tem47A.tmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\Tem4CA.tmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\Tem55D.tmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\Tem646.tmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\Tem7D9.tmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\Tem856.tmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\TemB0F.tmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\smiley.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\smileyxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\Related.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\images -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3713914087-1085326397-1295209744-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3713914087-1085326397-1295209744-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3713914087-1085326397-1295209744-1005\Software\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3713914087-1085326397-1295209744-1005\Software\Starware\Options -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3713914087-1085326397-1295209744-1005\Software\Starware\OriginalAutoSearch -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3713914087-1085326397-1295209744-1005\Software\Starware\OriginalSearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3713914087-1085326397-1295209744-1005\Software\Starware\OriginalURLSearchHooks -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3713914087-1085326397-1295209744-1005\Software\Starware\SearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0165335.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0165336.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0165337.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0190685.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0190686.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0190687.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0190689.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0207699.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/DXC9.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187495.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187495.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187495.exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187508.dll -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187511.dll -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{8F8B89E6-7403-484C-BE05-D5E50B10C18E}\RP76\A0055753.lnk -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{8F8B89E6-7403-484C-BE05-D5E50B10C18E}\RP76\A0055755.lnk -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/Error Safe Free/Updater.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0207716.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/iconu.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187489.exe -> Downloader.Adload : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/windows_e53.exe -> Downloader.Adload.ncs : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187718.exe -> Dropper.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\backup-20061114-203250-675.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/protector.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/Error Safe Free/ersd.sys -> Rootkit.Agent.af : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/ntio256.sys -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
    :mozilla.24:C:\Documents and Settings\Susanna \Application Data\Mozilla\Firefox\Profiles\x2vlz2kp.Oletuskäyttäjä\cookies.txt -> TrackingCookie.2o7 : Ignored.
    :mozilla.13:C:\Documents and Settings\Susanna \Application Data\Mozilla\Firefox\Profiles\x2vlz2kp.Oletuskäyttäjä\cookies.txt -> TrackingCookie.Atdmt : Ignored.
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0187719.exe -> Trojan.BHO.b : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0207719.exe -> Trojan.Favadd : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\A0210529.exe -> Trojan.Favadd : Cleaned with backup (quarantined).
    C:\Documents and Settings\Susanna \DoctorWeb\Quarantine\Dc43.exe -> Trojan.Favadd : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/pp4ico.exe -> Trojan.Favadd : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/druid_unknown.exe -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/druid_unknown.exe-ren-283 -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
    C:\virusohjelmat\avenger\backup.zip/avenger/durvilx.exe -> Trojan.Kolweb.j : Cleaned with backup (quarantined).


    ::Report end




    THEN ALSO THE AD-AWARE LOG - I shortened it so that it shows only the main points. What should I do?




    Ad-Aware SE Build 1.06r1
    Logfile Created on:27. helmikuuta 2007 18:01:29
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R155 26.02.2007
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Adware.DollarRevenue(TAC index:10):14 total references
    Adware.P2PNetworking(TAC index:3):2 total references
    Adware.SearchingAll(TAC index:4):1 total references
    CoolWebSearch(TAC index:10):9 total references
    ErrorGuard(TAC index:7):3 total references
    ErrorSafe(TAC index:10):20 total references
    MRU List(TAC index:0):24 total references
    SpywareStormer(TAC index:3):3 total references
    Starware Toolbar(TAC index:5):3 total references
    UCmore(TAC index:3):1 total references
    Win32.Trojan.Downloader(TAC index:10):1 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    CoolWebSearch Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\microsoft\internet explorer\urlsearchhooks

    CoolWebSearch Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\microsoft\internet explorer\main
    Value : Use Custom Search URL

    CoolWebSearch Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\microsoft\internet explorer\main
    Value : Enable Browser Extensions

    CoolWebSearch Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\microsoft\internet explorer\new windows
    Value : PopupMgr

    CoolWebSearch Object Recognized!
    Type : RegData
    Data : no
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\microsoft\internet explorer\main
    Value : Use Search Asst
    Data : no

    CoolWebSearch Object Recognized!
    Type : RegData
    Data : about:blank
    TAC Rating : 10
    Category : Malware
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\microsoft\internet explorer\main
    Value : Start Page
    Data : about:blank

    ErrorSafe Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 10
    Category : Misc
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\error safe free

    ErrorSafe Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 10
    Category : Misc
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\error safe free

    ErrorSafe Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Misc
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\error safe free
    Value : ProductCode

    ErrorSafe Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Misc
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\error safe free
    Value : Abbr

    ErrorSafe Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Misc
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\error safe free
    Value : InstallPath

    ErrorSafe Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Misc
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : software\error safe free
    Value : ActivationCode

    SpywareStormer Object Recognized!
    Type : Folder
    TAC Rating : 3
    Category : Misc
    Comment : SpywareStormer
    Object : C:\Program Files\Spyware Stormer

    Adware.DollarRevenue Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\maxthon

    Adware.DollarRevenue Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\services\cmdservice

    Adware.DollarRevenue Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\services\cmdservice
    Value : Start

    Adware.DollarRevenue Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\services\cmdservice
    Value : ErrorControl

    Adware.DollarRevenue Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\services\cmdservice
    Value : ImagePath

    Adware.DollarRevenue Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\services\cmdservice
    Value : DisplayName

    Adware.DollarRevenue Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\services\cmdservice
    Value : ObjectName

    Adware.DollarRevenue Object Recognized!
    Type : Regkey
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\services\network monitor

    Adware.DollarRevenue Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\services\network monitor
    Value : Start

    Adware.DollarRevenue Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\services\network monitor
    Value : ErrorControl

    Adware.DollarRevenue Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\services\network monitor
    Value : ImagePath

    Adware.DollarRevenue Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\services\network monitor
    Value : DisplayName

    Adware.DollarRevenue Object Recognized!
    Type : RegValue
    Data :
    TAC Rating : 10
    Category : Adware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : system\controlset001\services\network monitor
    Value : ObjectName

    ErrorGuard Object Recognized!
    Type : Folder
    TAC Rating : 7
    Category : Malware
    Comment : ErrorGuard
    Object : C:\Program Files\ErrorGuard

    Starware Toolbar Object Recognized!
    Type : RegData
    Data : no
    TAC Rating : 5
    Category : Adware
    Comment :
    Rootkey : HKEY_CURRENT_USER
    Object : software\microsoft\internet explorer\main
    Value : Use Search Asst
    Data : no

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 28
    Objects found so far: 81

    18:09:29 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:08:00.391
    Objects scanned:91353
    Objects identified:57
    Objects ignored:0
    New critical objects:57

    How could I prevent those new viruses from getting in??? AVG, a firewall, AdAware and Windows Defender are on the machine now.
     
  11. Hujo

    Hujo Guest

    Run eScan.

    The instructions are on this page.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    Download it from here:
    http://www.spywareinfo.dk/download/mwav.exe
    Update it from here:
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    Tick the checkboxes as marked here:
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    Scan.

    If anything shows up in the lower pane, copy it like this:
    Use the command Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here.

    Delete these from the machine in Safe Mode:

    C:\Documents and Settings\All Users\Application Data\Starware
    C:\virusohjelmat\avenger
    C:\Documents and Settings\Susanna \DoctorWeb
    Delete the items in AVG Anti-Spyware's quarantine.
     
    Last edited by a moderator: 28.02.2007
