My HJT log. Problem: antivirus programs etc. are blocked from starting.

Thread in the Viruses and malware - HijackThis logs section. Thread started by MFairplay 03.09.2006.

Thread status:
This thread is closed.
  1. MFairplay

    So the problem really is that the antivirus programs and the firewall die; some virus prevents their use (ingenious, in its own way).
    Pop-ups also appear when using Mozilla. The OS is Win XP Pro.

    Help is needed; for the reason mentioned above, other programs have been no help.

    Thanks.


    Logfile of HijackThis v1.99.1
    Scan saved at 21:25:20, on 3.9.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\wkssvr.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\dfndrff_15.exe
    C:\kybrdff_15.exe
    C:\nwnmff_14.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    c:\stub_113_4_0_4_0newer.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\YW1k\command.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    C:\Documents and Settings\amd\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    F2 - REG:system.ini: Shell=Explorer.exe wkssvr.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wkssvr.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
    O4 - HKLM\..\Run: [DHCP Hotfix] C:\dihd.exe
    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_15.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
    O4 - HKLM\..\RunServices: [Windows Kernel System Service] wkssvr.exe
    O4 - HKCU\..\Run: [qrmz] c:\stub_113_4_0_4_0newer.exe
    O4 - HKCU\..\RunServices: [Windows Kernel System Service] wkssvr.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\guard.tmp
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YW1k\command.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
  3. blade81

  4. MFairplay

    Well, now it's installed. We got this machine as a second computer a week or so ago and, stupidly, it didn't even occur to me that SP1/SP2 would be missing from it. Shouldn't SP2 be installed as well?

    Anyway, SP1 is installed now; what next?
     
  5. Marku2

    Post a new HJT log, so we can get the critters out. :)
     
  6. kairis

    @MFairplay :
    Do NOT install SP2 yet under any circumstances!
    Your machine must first be cleaned of malware.
     
  7. MFairplay

    Hehe, good thing I didn't install it :) I'll post a new log in a few moments -->

    And here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:22:10, on 4.9.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\wkssvr.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\YW1k\command.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\dfndrff_15.exe
    C:\kybrdff_15.exe
    C:\nwnmff_14.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Documents and Settings\amd\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    F2 - REG:system.ini: Shell=Explorer.exe wkssvr.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wkssvr.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
    O4 - HKLM\..\Run: [DHCP Hotfix] C:\dihd.exe
    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_15.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
    O4 - HKLM\..\RunServices: [Windows Kernel System Service] wkssvr.exe
    O4 - HKCU\..\Run: [qrmz] c:\stub_113_4_0_4_0newer.exe
    O4 - HKCU\..\RunServices: [Windows Kernel System Service] wkssvr.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
    O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\lv8409lqe.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YW1k\command.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     
    Last edited: 04.09.2006
  8. blade81

    1. Download the combofix.exe file (http://download.bleepingcomputer.com/sUBs/combofix.exe) to your desktop.
    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
     
  9. MFairplay

    amd - ma 04.09.2006 16:43:04,85
    ComboFix 06.09.04BT - Running from: C:\Documents and Settings\amd\Työpöytä

    Microsoft Windows XP [versio 5.1.2600]

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    REGISTRY ENTRIES REMOVED:

    [HKEY_CLASSES_ROOT\CLSID\{22B81A35-C1F4-433E-8D2F-1D056DC24E9D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{22B81A35-C1F4-433E-8D2F-1D056DC24E9D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{22B81A35-C1F4-433E-8D2F-1D056DC24E9D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{22B81A35-C1F4-433E-8D2F-1D056DC24E9D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{B90DD839-682D-424A-A5C4-1E9BDE79F788}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B90DD839-682D-424A-A5C4-1E9BDE79F788}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B90DD839-682D-424A-A5C4-1E9BDE79F788}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B90DD839-682D-424A-A5C4-1E9BDE79F788}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dostyle.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{A06BD7EB-5517-43C6-B8CB-E74E7C346DE7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A06BD7EB-5517-43C6-B8CB-E74E7C346DE7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A06BD7EB-5517-43C6-B8CB-E74E7C346DE7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A06BD7EB-5517-43C6-B8CB-E74E7C346DE7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dtvacm.dll"
    "ThreadingModel"="Apartment"

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    FILES REMOVED:

    C:\WINDOWS\system32\cgmpstui.dll
    C:\WINDOWS\system32\dnr6019se.dll
    C:\WINDOWS\system32\dostyle.dll
    C:\WINDOWS\system32\dtvacm.dll
    C:\WINDOWS\system32\hp2023fmg.dll
    C:\WINDOWS\system32\kmdycc.dll
    C:\WINDOWS\system32\lv8409lqe.dll
    C:\WINDOWS\system32\o8660ijse8o60.dll
    C:\WINDOWS\system32\osbcint.dll
    C:\WINDOWS\system32\skrvdeps.dll
    C:\WINDOWS\system32\uzrv80a.dll
    C:\WINDOWS\system32\vapodbc.dll
    C:\WINDOWS\system32\whnsta.dll


    Granting sedebugprivilege to Järjestelmänvalvojat ... successful


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\drsmartload2.dat
    C:\WINDOWS\keyboard1.dat
    C:\WINDOWS\newname.dat
    C:\WINDOWS\teller2.chk
    C:\dfndrff_14.exe
    C:\dfndrff_15.exe
    C:\drsmartload.exe
    C:\drsmartload45a45f.exe
    C:\drsmartload45a45g.exe
    C:\drsmartload45a45h.exe
    C:\drsmartload46a46f.exe
    C:\drsmartload46a46g.exe
    C:\drsmartload46a46h.exe
    C:\drsmartload849a849f.exe
    C:\drsmartload849a849g.exe
    C:\drsmartload849a849h.exe
    C:\deskbar.exe
    C:\deskbar2.exe
    C:\deskbar3.exe
    C:\kybrdff_14.exe
    C:\kybrdff_15.exe
    C:\nwnmff_14.exe
    C:\ucmoreiex.exe
    C:\WINDOWS\uninstall_nmon.vbs
    C:\WINDOWS\system32\atmtd.dll
    C:\WINDOWS\system32\atmtd.dll._
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Program Files\Deskbar
    C:\Program Files\network monitor
    C:\WINDOWS\YW1k


    ((((((((((((((((((((((((((((((( Files Created from 2004-08-06 to 2004.09.2006 ))))))))))))))))))))))))))))))))))


    No new files created in this timespan


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
    "Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
    "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "Microsoft Internet Explorer"="C:\\WINDOWS\\System32\\iexplore.exe"
    "DHCP Hotfix"="C:\\dihd.exe"
    "Winamp Agent"="C:\\WINDOWS\\System32\\winamp.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "qrmz"="c:\\stub_113_4_0_4_0newer.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
    "Windows Kernel System Service"="wkssvr.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
    "Windows Kernel System Service"="wkssvr.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
    "Windows Kernel System Service"="wkssvr.exe"

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
    "Windows Kernel System Service"="wkssvr.exe"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



    Completion time: ma 04.09.2006 16:44:43,76
    ComboFix.txt
     
  10. blade81

    That cleared out a load of junk :) Post one more new HJT log and we'll see how to proceed.
     
  11. MFairplay

    Logfile of HijackThis v1.99.1
    Scan saved at 16:52:21, on 4.9.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\wkssvr.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Documents and Settings\amd\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F2 - REG:system.ini: Shell=Explorer.exe wkssvr.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wkssvr.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
    O4 - HKLM\..\Run: [DHCP Hotfix] C:\dihd.exe
    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
    O4 - HKLM\..\RunServices: [Windows Kernel System Service] wkssvr.exe
    O4 - HKCU\..\Run: [qrmz] c:\stub_113_4_0_4_0newer.exe
    O4 - HKCU\..\RunServices: [Windows Kernel System Service] wkssvr.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     
  12. blade81 (Active member; joined 29.07.2003; 1,287 posts; 0 thanks; 66 points)
    Download Ewido (instructions & download address -> http://aaxxeell.googlepages.com/ewido4), install and update it according to the instructions. Don't scan yet!

    Make hidden files visible -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Start hjt, click "do a system scan only", and check:
    F2 - REG:system.ini: Shell=Explorer.exe wkssvr.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wkssvr.exe
    O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
    O4 - HKLM\..\Run: [DHCP Hotfix] C:\dihd.exe
    O4 - HKLM\..\RunServices: [Windows Kernel System Service] wkssvr.exe
    O4 - HKCU\..\Run: [qrmz] c:\stub_113_4_0_4_0newer.exe
    O4 - HKCU\..\RunServices: [Windows Kernel System Service] wkssvr.exe

    Close the other windows and click "fix checked".

    Boot the machine into safe mode and delete the following:
    C:\WINDOWS\System32\iexplore.exe
    C:\dihd.exe
    c:\stub_113_4_0_4_0newer.exe

    Search for this with the Windows search tool and delete it if found:
    wkssvr.exe

    Scan the machine with Ewido and save the log. Boot back into normal mode. Post a fresh hjt log and the log generated by Ewido.
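    The reasoning behind the lines picked out above (a second program hooked onto Shell/UserInit, executables sitting in the drive root or loaded by bare name, a "browser" that lives in System32, entries in the legacy RunServices key) can be written down as a small triage script. The following is an added example, not code from the thread and not part of HijackThis; the rule set, the EXPECTED_DIR baseline and the sample lines (taken from the log posted above) are assumptions for illustration.

```python
"""Triage the O4 autostart and F2 system.ini lines of a HijackThis log.
Added example, not from the thread or from HijackThis; rules are assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O4/F2 lines from the log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe wkssvr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wkssvr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [DHCP Hotfix] C:\dihd.exe
O4 - HKLM\..\RunServices: [Windows Kernel System Service] wkssvr.exe
O4 - HKCU\..\Run: [qrmz] c:\stub_113_4_0_4_0newer.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
"""

# Where a well-known binary normally lives (lower-case directory fragment).
# Assumed baseline for illustration; build the real one from a clean machine.
EXPECTED_DIR = {"iexplore.exe": r"program files\internet explorer"}

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<key>Shell|UserInit)=(?P<val>.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def _exe_path(cmd: str) -> str:
    """Executable part of a Run value: a quoted path, or everything up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def check_o4(key: str, cmd: str) -> list[str]:
    reasons = []
    low = _exe_path(cmd).lower()
    base = low.rsplit("\\", 1)[-1]
    if key.lower() == "runservices":
        reasons.append("RunServices is a legacy Windows 9x key; current software rarely uses it")
    if "\\" not in low:
        reasons.append("bare file name without a directory: resolved through the search path")
    elif re.fullmatch(r"[a-z]:\\[^\\]+", low):
        reasons.append("executable sitting directly in the drive root")
    if base in EXPECTED_DIR and EXPECTED_DIR[base] not in low:
        reasons.append(f"{base} normally lives under {EXPECTED_DIR[base]}")
    return reasons


def check_f2(key: str, val: str) -> list[str]:
    # system.ini Shell/UserInit: anything beyond the one expected binary is a hook.
    # (Split on spaces and commas; a path containing spaces would need quoting.)
    parts = [p for p in re.split(r"[ ,]+", val.strip()) if p]
    expected = "explorer.exe" if key == "Shell" else "userinit.exe"
    extra = [p for p in parts if p.lower().rsplit("\\", 1)[-1] != expected]
    return [f"{key} also launches: {', '.join(extra)}"] if extra else []


def triage(log_text: str) -> list[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O4_RE.match(line)):
            reasons = check_o4(m["key"], m["cmd"])
        elif (m := F2_RE.match(line)):
            reasons = check_f2(m["key"], m["val"])
        else:
            continue  # Global Startup and non-autostart lines are left alone here
        findings.extend(Finding(line, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

    Run as a script it prints one reason per flagged line; the Java updater entry passes every rule, the six lines the helper listed do not. The script only points at entries worth a closer look; the decision to fix or delete still rests on the reviewer, exactly as in the thread.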
     
  13. MFairplay (Member; joined 03.09.2006; 13 posts; 0 thanks; 11 points)

    Ewido's log (I let the program perform its default actions, hopefully that's how it was supposed to be done.)

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 18:23:08 4.9.2006

    + Scan result:



    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\CID203L3\dfndrff_15[1].exe -> Adware.DollarRevenue : Cleaned with backup (quarantined).
    C:\Installer3.exe.vir -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\warebundlenewer.exe.vir -> Adware.Look2Me : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\CID203L3\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\CID203L3\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\CID203L3\ucmoreiex[1].exe/empty_00000001 -> Adware.Ucmore : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\11702_netapi.exe -> Backdoor.Rbot.bgs : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\38840_netapi.exe -> Backdoor.Rbot.bgs : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\63760_netapi.exe -> Backdoor.Rbot.bgs : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wkssvr.exe -> Backdoor.Rbot.bgs : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\CID203L3\aol_start[1].exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
    C:\aol.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\27MN8XCR\dfndrff_14[1].exe -> Downloader.Adload.ez : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\39ZFFDZX\kybrdff_14[1].exe -> Downloader.Adload.ez : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\qaz -> Downloader.Ftp.cb : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\39ZFFDZX\al3[1].txt -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\5VPQ9175\ac3_0010[1].exe.vir -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\CID203L3\ac3_0010[1].exe.vir -> Downloader.Small : Cleaned with backup (quarantined).
    C:\ac3_0010.exe.vir -> Downloader.Small : Cleaned with backup (quarantined).
    C:\MTE3NDI6ODoxNgnew.exe.vir -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\5VPQ9175\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\39ZFFDZX\loader[1].exe -> Downloader.VB.agk : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\CID203L3\kybrdff_15[1].exe -> Downloader.VB.alg : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\5VPQ9175\nwnmff_14[1].exe -> Downloader.VB.als : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\39ZFFDZX\drsmartload849a[1].exe -> Downloader.VB.alt : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\5VPQ9175\drsmartload45a[1].exe -> Downloader.VB.alt : Cleaned with backup (quarantined).
    C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\5VPQ9175\drsmartload46a[1].exe -> Downloader.VB.alt : Cleaned with backup (quarantined).
    :mozilla.160:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.24:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.25:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.26:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.27:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.28:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.29:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.30:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.31:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.32:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.376:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\amd\Cookies\amd@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.213:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.217:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.218:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.214:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.215:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.216:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.150:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
    :mozilla.124:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.125:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.113:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.114:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.115:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.116:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.117:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.13:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.149:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.203:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.204:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.206:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.167:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.168:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.169:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.170:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.171:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.71:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.75:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.231:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Epilot : Cleaned.
    :mozilla.312:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
    :mozilla.63:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.65:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.165:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.179:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.313:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.407:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.408:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.409:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.92:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.401:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\amd\Cookies\amd@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.127:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.128:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.129:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.130:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.131:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.44:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.45:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.46:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.47:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.84:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.85:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.86:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.87:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.88:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.89:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.90:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.91:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.166:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.159:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.285:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.286:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.287:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.288:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.185:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.202:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.205:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.207:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.208:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\amd\Cookies\amd@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.
    :mozilla.279:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
    :mozilla.138:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.139:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.66:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.126:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
    :mozilla.59:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.60:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.61:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\amd\Cookies\amd@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    And here is the HjT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:26:17, on 4.9.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Documents and Settings\amd\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    There would have been more .exe.vir files to delete, but I didn't delete anything other than what was mentioned. Thanks for the effort so far, and hopefully I did my part correctly.
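    A report like the one above is dominated by tracking cookies, while the entries that actually matter (the Backdoor.Rbot files in system32, the downloaders in the drive root) take up a handful of lines. The following is an added example, not code from the thread and not part of Ewido: it parses the report format shown above, separates the ":mozilla.N:" cookie records from real files, and ranks hits by family so the serious ones are listed first. The severity ordering is an assumption; the sample lines are constructed from the report posted above.

```python
"""Summarise an ewido anti-spyware scan report by threat family and location.
Added example, not from the thread or from Ewido; the severity order is assumed."""
import re
from collections import Counter

# Constructed sample: a handful of lines in the format of the report above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\amd\Local Settings\Temporary Internet Files\Content.IE5\CID203L3\dfndrff_15[1].exe -> Adware.DollarRevenue : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\system32\11702_netapi.exe -> Backdoor.Rbot.bgs : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wkssvr.exe -> Backdoor.Rbot.bgs : Cleaned with backup (quarantined).
C:\aol.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qaz -> Downloader.Ftp.cb : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\amd\Application Data\Mozilla\Firefox\Profiles\4n2hkvkg.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\amd\Cookies\amd@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
"""

# Assumed ordering, most serious first; unknown families sort last.
SEVERITY = ("Backdoor", "Downloader", "Adware", "TrackingCookie")

REPORT_RE = re.compile(r"^(?P<where>.+?) -> (?P<threat>[\w.\-]+) : (?P<action>.+?)\.?$")
COOKIE_RE = re.compile(r"^:mozilla\.(?P<idx>\d+):(?P<path>.*)$")


def parse_report(text):
    """One dict per detection line; headers, separators and blank lines are skipped."""
    items = []
    for raw in text.splitlines():
        m = REPORT_RE.match(raw.strip())
        if not m:
            continue
        where, cookie_idx = m["where"], None
        cm = COOKIE_RE.match(where)
        if cm:  # a single record inside Firefox's cookies.txt, not a file on disk
            where, cookie_idx = cm["path"], int(cm["idx"])
        items.append({
            "where": where,
            "threat": m["threat"],
            "family": m["threat"].split(".", 1)[0],
            "action": m["action"],
            "cookie_idx": cookie_idx,
        })
    return items


def rank(family):
    return SEVERITY.index(family) if family in SEVERITY else len(SEVERITY)


def summarize(items):
    by_family = Counter(i["family"] for i in items)
    serious = sorted((i for i in items if rank(i["family"]) <= rank("Downloader")),
                     key=lambda i: rank(i["family"]))
    return {
        "by_family": dict(by_family),
        "quarantined": sum("quarantined" in i["action"].lower() for i in items),
        "in_system32": sorted(i["where"] for i in items if "\\system32\\" in i["where"].lower()),
        "worst_family": min((i["family"] for i in items), key=rank, default=None),
        "priority": [f'{i["threat"]} @ {i["where"]}' for i in serious],
    }


if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    print(s["by_family"], "quarantined:", s["quarantined"])
    for entry in s["priority"]:
        print("  ", entry)
```

    The "priority" list is what to read first when checking a report: backdoors and downloaders, with their locations, ahead of the cookie noise. "quarantined" counts the hits that were backed up rather than merely cleaned, which is what makes a mistaken removal reversible.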
     
  14. blade81 (Active member; joined 29.07.2003; 1,287 posts; 0 thanks; 66 points)

    Wait a moment.. So did you scan with the "Recommended actions" setting, in which case only critical malware is removed? If you followed the instructions at the link I gave exactly, then it went OK (although it does advise changing the settings to "boost" the scan). Those exe.vir files you mention bother me a bit. Where were they reported? If Ewido reported them, then they should have been removed too.
     
    Last edited: 04.09.2006
  15. MFairplay (Member; joined 03.09.2006; 13 posts; 0 thanks; 11 points)

    I did it with the "Recommended actions" settings, I couldn't find any other instructions(?). If it needs to be done more thoroughly, can it still be done? As I understand it, with the instructions at the link everything would have gone to quarantine (by the way, there's an extra parenthesis in the link :) ), whereas now it actually deleted files.. You tell me, if you still have the energy to solve other people's problems =)

    And those files were visible there among the other files when I deleted the files you mentioned. There might have been two or three more files with the same extension. As far as I know the program didn't mention them (though my knowledge is what it is)

    How did those logs look now? At least the firewall started up.
     
    Last edited: 04.09.2006
  16. blade81 (Active member; joined 29.07.2003; 1,287 posts; 0 thanks; 66 points)

    So it seems one character too many slipped in :) As far as the logs go, things looked quite good, especially compared to the starting situation :D

    Now I'd dare to suggest updating to SP2 and removing the old Java versions with Add/Remove Programs. The latest version is here -> http://java.sun.com/javase/downloads/index.jsp (Java Runtime Environment (JRE) 5.0 Update 8)

    Since Ewido seemed to be finding those cookies, I recommend installing an updated HOSTS file to protect your browsing. More information here in the guide written by Aaxxeell -> http://keskustelu.afterdawn.com/thread_view.cfm/320373
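    A blocking HOSTS file works by mapping ad and tracking host names to an address that goes nowhere (0.0.0.0 or 127.0.0.1), so the browser never reaches the server that would set the cookie. The following is an added example, not code from the thread or from the linked guide: it parses a HOSTS file, lists which names are blocked, and flags any entry that instead sends a name to some other address, since that is the kind of line worth reading before trusting a file. The host names and the 203.0.113.5 target are constructed placeholders (reserved example and documentation ranges).

```python
"""Parse a Windows HOSTS file and separate blocking entries from redirects.
Added example, not from the thread or the linked guide; sample data is constructed."""
import ipaddress

# Constructed sample; the domains are reserved example names and the redirect
# target is from the documentation range 203.0.113.0/24.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0   ads.example.net   # blocked ad server
0.0.0.0   tracker.example.org counter.example.org
127.0.0.1 banners.example.com
203.0.113.5   update.example.com   # this one sends a name somewhere else
"""

# Addresses a blocking HOSTS file points unwanted names at.
BLOCK_TARGETS = {ipaddress.ip_address("0.0.0.0"), ipaddress.ip_address("127.0.0.1")}
# Names that legitimately map to the loopback address.
SELF_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (address, hostname, line_no) for every mapping, ignoring comments."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed line; a real checker would report it
        for name in names:
            entries.append((ip, name.lower().rstrip("."), n))
    return entries


def audit_hosts(text):
    """Classify each mapping: system loopback name, blocked name, or redirect."""
    blocked, redirects, system = [], [], []
    for ip, name, n in parse_hosts(text):
        if name in SELF_NAMES and ip.is_loopback:
            system.append(name)
        elif ip in BLOCK_TARGETS:
            blocked.append(name)
        else:
            redirects.append((name, str(ip), n))  # review these by hand
    return {"blocked": blocked, "redirects": redirects, "system": system}


def is_blocked(text, hostname):
    """True if the HOSTS file would sink requests for this name."""
    return hostname.lower().rstrip(".") in set(audit_hosts(text)["blocked"])


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["blocked"]), "names blocked")
    for name, ip, n in result["redirects"]:
        print(f"line {n}: {name} -> {ip} (not a blocking address, check it)")
```

    Matching is case-insensitive and ignores a trailing dot, as a resolver would. Note that a HOSTS entry only covers the exact name listed, not its subdomains, which is why published blocking lists are long.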
     
  17. MFairplay (Member; joined 03.09.2006; 13 posts; 0 thanks; 11 points)

    The situation was surely bad, since it was bought as my little brother's computer and I only installed the essential programs on it. And since I haven't really examined it much, I didn't notice that the firewalls and antivirus had been disabled at some point :(

    Well, if it looks better now, I'll have to update Java and SP2 tomorrow; should I post another log after that? Then I suppose the firewall and antivirus should be uninstalled and reinstalled? What programs do the professionals recommend (free ones)? :)
    I'll probably have to do that Hosts thing too.

    I wonder if I'd dare to post my own computer's log :D But thanks for everything so far, off to bed now.
     
  18. blade81 (Active member; joined 29.07.2003; 1,287 posts; 0 thanks; 66 points)

    Actually that combination of Antivir and Sygate is quite popular, although Sygate's support is reportedly coming to an end. Among the free ones I myself prefer the combination of Avast and ZoneAlarm.

    No need to post a new log anymore. If something strange comes up, then we can take a look. You're welcome to post your own log if you want :)
     
  19. MFairplay (Member; joined 03.09.2006; 13 posts; 0 thanks; 11 points)

    Alright.

    Outpost firewall and Avast antivirus are now installed. Everything's in order except for that HOSTS file; I'll take care of it too once I have the time. The machine runs well and you/you all definitely deserve thanks for that! =)

    And I'll add my own computer's log after this, hopefully it's fine. Hehehe :)

    Logfile of HijackThis v1.99.1
    Scan saved at 19:04:42, on 5.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Keyboard Driver\OEMDriver.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Markus\Omat tiedostot\Downloads Firefox\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://polttoaine.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - C:\Program Files\Burn4Free Toolbar\v2.0.0.5\Burn4Free_Toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - C:\Program Files\Burn4Free Toolbar\v2.0.0.5\Burn4Free_Toolbar.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE


  20. blade81

    blade81 Active member

    Joined:
    29.07.2003
    Messages:
    1,287
    Thanks:
    0
    Points:
    66
  21. MFairplay

    MFairplay Member

    Joined:
    03.09.2006
    Messages:
    13
    Thanks:
    0
    Points:
    11
    If I remember right, it was from this site that I spotted that Burn4Free, but now it got the boot and I have to look for something else to replace it.

    This was probably the longest thread in a while (on the HJT side); now everything is in order, and thanks again for the hundredth time. Bye =)

Thread status:
Thread is closed.