Help, getting the machine clean, let's take one more look at the HJT.
Junior Member
26 March 2006 @ 13:43
Hello,
I now need an expert's help: the Firefox browser keeps opening strange "empty" yyy102.html pages in a new tab at regular intervals.
Here is some information from the scans:
ArchiveData(auto-quarantine- 2006-03-26 18-47-40.bckp)
Referencefile : SE1R100 23.03.2006
======================================================
ADWARE.LOOK2ME
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Process : C:\WINDOWS\system32\j64olgh3164.dll
obj[1]=Process : C:\WINDOWS\system32\guard.tmp
And then...
* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
C:\WINDOWS\SYSTEM32\lvjm09~1.dll Sun 26 Mar 2006 12.30.44 ..S.R 234 040 228,55 K
________________________________________________
5 756 items found: 5 754 files (1 H/S), 2 directories.
Total of file sizes: 1 312 341 701 bytes 1,22 G
Administrator Account = True
--------------------End log---------------------
eScan virus log:
File C:\WINDOWS\Temp\bw2.com tagged as not-a-virus:AdWare.Win32.AdURL.c. No Action Taken.
So it does look like there is "something" a little extra on there. =)
How do I go on from here?

AfterDawn Addict | 26 March 2006 @ 13:47

Senior Member | 26 March 2006 @ 14:00
This post has been edited after posting. Last edited 26 March 2006 @ 14:23
Junior Member
|
26. maaliskuuta 2006 @ 15:35 |
Linkki tähän viestiin
|
Quote: Käynnistä kone vikasietotilaan ja tyhjennä kansiot TEMP ja Temporary Internet Files:
C:\WINDOWS\Temp\ siis, poistetaanko temp kansion kaikki alikansiotkin?
C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\ ? ei löydy ainakaan tuolta.
Vai tarkoitatko -> C:\WINDOWS\Temp\Temporary Internet Files -> Content.IE5\056v49af, g5mv8xyf, odexyz6j, qfmnu7ef sekä index, DAT-tiedosto. Nämä löytyy.
Mitä tarkoitit?

Junior Member | 26 March 2006 @ 16:00
Here is the HjT log:
Logfile of HijackThis v1.99.1
Scan saved at 21:50:29, on 26.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Omistaja\Omat tiedostot\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe
O4 - HKLM\..\Run: [SoneraAgent] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\fp2003fme.dll
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Senior Member | 26 March 2006 @ 16:06
Copied straight from the eScan log:
File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\5ISTI7W9\AppWrap[1].exe tagged as not-a-virus:AdWare.Win32.AdURL.c. No Action Taken.
"kemisti" will continue

Junior Member | 26 March 2006 @ 16:15
Quote: tapiiri (Junior Member) 26 March 2006 @ 14:06
Copied straight from the eScan log:
File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\5ISTI7W9\AppWrap[1].exe tagged as not-a-virus:AdWare.Win32.AdURL.c. No Action Taken.
OK, let's try it and see what happens...

Junior Member | 26 March 2006 @ 17:29
All right, now it's sorted out: earlier I logged in to safe mode as the administrator and now as the owner, and now I was able to empty the contents of -> C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\
The investigation continues tomorrow....

AfterDawn Addict | 27 March 2006 @ 04:00
Yep, let's continue :)
Fix these with HjT (do a system scan only, tick them and press fix checked):
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\fp2003fme.dll
Delete, if found:
C:\WINDOWS\system32\iexplore.exe
Download Look2Me-Destroyer -> http://www.atribune.org/ccount/click.php?id=7 and save it to your desktop
IMPORTANT: Before continuing with the fix, you must do the following:
* Print this, or save it as a text file in a suitable location.
* Click Start -> Run and type: services.msc
* Click OK.
* Check that this service is running or that its startup type is automatic:
* Secondary Logon (Toissijainen kirjautuminen)
* Next, your computer must be offline; pull the network cable out of the wall if necessary.
* Your antivirus and all other security software MUST be shut down (i.e. Norton and ewido turned off, this is essential!).
* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run the program.
* Tick Run this program as a task.
* You will get a message saying "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK.
* When Look2Me-Destroyer re-opens, click the Scan for L2M option; your desktop shortcuts will disappear for a moment, this is normal.
* When the scan is finished, click the Remove L2M option.
* You will get a Done Scanning message; click OK.
* When it is done, you will get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will shut itself down.
* Start your computer again.
* Post the contents of the C:\Look2Me-Destroyer.txt file in your post together with a new HijackThis log.
If your firewall warns about network connections for this program, allow them.
If you get runtime error '339', download MSWINSCK.OCX from the following link and place it in your C:\Windows\System32 folder.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Try again.
This post has been edited after posting. Last edited 27 March 2006 @ 04:00

Junior Member | 27 March 2006 @ 13:09
Let's start over. I now have another computer online (the one I'm writing on); the computer (a laptop) that is infected is right here next to it, so I can now follow the instructions at the same time.
I downloaded the files/programs you mentioned and moved them over to the laptop in advance.
I didn't find this -> C:\WINDOWS\system32\iexplore.exe when I browsed through the system32 folder; I don't know whether I was looking in the right place.
Secondary Logon is OK, i.e. Status: started and Startup type: automatic.
Here is the new log: since I ran HjT today, the log no longer looked the same. I managed to fix this one -> O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe
Logfile of HijackThis v1.99.1
Scan saved at 18:52:02, on 27.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoneraAgent] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\j0p0la7m1d.dll
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Should anything else in the log be fixed? Or do I move on to running Look2Me-Destroyer?
And sorry that this is going a bit slowly; I just haven't had to fight with these before, so please be patient. ;)
This post has been edited after posting. Last edited 27 March 2006 @ 14:03
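An added example, not part of any post in the thread: Python that parses the O4 and O20 autostart lines of two HijackThis logs and compares them, making explicit the change the poster noticed between the 26 March and 27 March scans. The log excerpts are shortened copies of the two logs above; the function names and the small EXPECTED_DIR table of default Windows XP locations are assumptions of this example.

```python
import ntpath
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section: "O4" (Run key) or "O20" (Winlogon Notify)
    name: str  # Run value name or Notify subkey name
    path: str  # lower-cased path of the file that is started or loaded


# Excerpts of the two HijackThis logs posted in the thread (shortened).
LOG_26_MARCH = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\fp2003fme.dll
"""
LOG_27_MARCH = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\j0p0la7m1d.dll
"""

O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
# Program path at the start of a command line, with or without quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll))', re.IGNORECASE)

# Assumed baseline: default Windows XP folders of binaries whose names are
# commonly borrowed by unwanted software.
EXPECTED_DIR = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
}


def parse_autostarts(log: str) -> list[Entry]:
    """Extract Run-key (O4) and Winlogon Notify (O20) entries from a log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m["cmd"])
            path = exe["path"] if exe else m["cmd"]
            entries.append(Entry("O4", m["name"], path.lower()))
            continue
        m = O20_RE.match(line)
        if m:
            entries.append(Entry("O20", m["name"], m["path"].lower()))
    return entries


def misplaced_system_binaries(entries: list[Entry]) -> list[Entry]:
    """Entries whose file name is a known system binary in the wrong folder."""
    hits = []
    for entry in entries:
        folder, filename = ntpath.split(entry.path)
        expected = EXPECTED_DIR.get(filename)
        if expected and folder != expected:
            hits.append(entry)
    return hits


def diff_autostarts(before: list[Entry], after: list[Entry]) -> dict:
    """Compare two scans of the same machine."""
    removed = sorted(set(before) - set(after))
    added = sorted(set(after) - set(before))
    # A section that lost an entry and gained a different one between scans
    # deserves a second look: the loader may have re-registered itself.
    churned = sorted({e.code for e in removed} & {e.code for e in added})
    return {"removed": removed, "added": added, "churned_sections": churned}


if __name__ == "__main__":
    old, new = parse_autostarts(LOG_26_MARCH), parse_autostarts(LOG_27_MARCH)
    for entry in misplaced_system_binaries(old):
        print("unexpected location:", entry)
    result = diff_autostarts(old, new)
    for key in ("removed", "added", "churned_sections"):
        print(key, result[key])
```

On the thread's data this reports the Run entry pointing at system32\iexplore.exe, and an O20 entry whose subkey name and DLL both changed between the scans although only the O4 line had been fixed.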

AfterDawn Addict | 27 March 2006 @ 14:29
Yep, just go on to l2mdestroyer next :)

Junior Member | 27 March 2006 @ 14:55
All right...
Here they are:
Logfile of HijackThis v1.99.1
Scan saved at 19:48:22, on 27.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoneraAgent] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
And then...
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 27.3.2006 19:34:12
Infected! C:\WINDOWS\system32\j0p0la7m1d.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\j0p0la7m1d.dll
C:\WINDOWS\system32\j0p0la7m1d.dll could not be deleted!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B64E8E60-F55D-4FDE-8363-21BB54F9386C}"
HKCR\Clsid\{B64E8E60-F55D-4FDE-8363-21BB54F9386C}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B22CC086-941F-4E92-BCE8-B06876ACD1A5}"
HKCR\Clsid\{B22CC086-941F-4E92-BCE8-B06876ACD1A5}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0A04D312-B603-49C2-8115-127C7450F216}"
HKCR\Clsid\{0A04D312-B603-49C2-8115-127C7450F216}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{23B9B2DE-0F3B-4B47-ADDC-A70612DD047F}"
HKCR\Clsid\{23B9B2DE-0F3B-4B47-ADDC-A70612DD047F}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1FA533F0-095D-46FC-B724-8A8A7D99F277}"
HKCR\Clsid\{1FA533F0-095D-46FC-B724-8A8A7D99F277}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{42416379-D8D9-4EDC-8E1D-BCFAE7CE1CB3}"
HKCR\Clsid\{42416379-D8D9-4EDC-8E1D-BCFAE7CE1CB3}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2E3402A3-22BF-4ECC-849A-747FAA941339}"
HKCR\Clsid\{2E3402A3-22BF-4ECC-849A-747FAA941339}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A92E681B-8CE5-4650-B60D-97678726B86F}"
HKCR\Clsid\{A92E681B-8CE5-4650-B60D-97678726B86F}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Järjestelmänvalvojat - Succeeded

AfterDawn Addict | 27 March 2006 @ 15:20
Hmmm, take a look whether this is still there -> C:\WINDOWS\system32\j0p0la7m1d.dll
Otherwise that looks OK.

Junior Member | 27 March 2006 @ 15:30
Yep, it's there...
I used the search function to find all files with the .dll extension, and there it was.
What should be done with it? Delete it, presumably, but can it be removed just like that?

AfterDawn Addict | 27 March 2006 @ 15:32
No, it can't.
Get KillBox
http://www.bleepingcomputer.com/files/spyware/KillBox.zip
Unzip it, open it and tick Delete on Reboot
Then copy the line below
C:\WINDOWS\system32\j0p0la7m1d.dll
Then in KillBox, from the top, File > Paste from Clipboard
Select "All Files". After that press Delete (the red one with a white X)
Answer yes to the questions, and if the computer doesn't restart by itself, restart it.
After that, post a new HijackThis log.

Junior Member | 27 March 2006 @ 15:53
Task completed. The computer threw some error after it was supposed to shut itself down; well, I clicked OK and restarted the computer. The start-up went the usual way, but the shortcuts took quite a long time to appear on the desktop; I don't know whether that matters.
But now, the new log:
Logfile of HijackThis v1.99.1
Scan saved at 20:50:50, on 27.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoneraAgent] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
I searched for the file in question again, and it is still there.
This post has been edited after posting. Last edited 27 March 2006 @ 15:58

AfterDawn Addict | 27 March 2006 @ 16:02
New attempt
Open it and tick Replace on Reboot and check use dummy
Then copy the line below
C:\WINDOWS\system32\j0p0la7m1d.dll
Then in KillBox, from the top, File > Paste from Clipboard
Select "All Files". After that press Delete (the red one with a white X)
Answer yes to the questions, and if the computer doesn't restart by itself, restart it.
After this the file will still be there, but it is a so-called dummy file and deleting it should be easy :)

Junior Member | 27 March 2006 @ 16:21
Now it worked without any errors. So how should it be deleted properly? Do I repeat the earlier KillBox trick, or what?
I already deleted it; we'll see whether it reappears.
The Ad-Aware SE result was clean.
Norton virus scan: what about these?
Norton AntiVirus Quarantine Report
Created: 27. maaliskuuta 2006 22:28:01
------------------------------------------------------------------------------
File Name
Location
Status Size Virus Name
User Name Machine Name Domain
Date Quarantined
Date Submitted
------------------------------------------------------------------------------
woock32.dll
C:\WINDOWS\system32
Backup of a deleted Security Risk 229 KB Packed.Adware
Omistaja USER-BNOKLYKQH9 KOTI
27. maaliskuuta 2006 22:20:43
Not submitted
------------------------------------------------------------------------------
t08u0al9edq.dll
C:\WINDOWS\system32
Backup of a deleted Security Risk 230 KB Packed.Adware
Omistaja USER-BNOKLYKQH9 KOTI
27. maaliskuuta 2006 22:20:43
Not submitted
------------------------------------------------------------------------------
vusapi.dll
C:\WINDOWS\system32
Backup of a deleted Security Risk 230 KB Packed.Adware
Omistaja USER-BNOKLYKQH9 KOTI
27. maaliskuuta 2006 22:20:43
Not submitted
------------------------------------------------------------------------------
This post has been edited after posting. Last edited 27 March 2006 @ 17:43

AfterDawn Addict | 28 March 2006 @ 06:08
You can try deleting that dll in the normal way. It should come off now without problems.
There seem to be other l2m dll files as well.
Get l2mfix from here -> http://www.atribune.org/downloads/l2mfix.exe and save it to the desktop. Double-click it and click install. Open the l2mfix folder on the desktop, double-click l2mfix.bat and choose #1 by pressing 1 and Enter (do NOT do anything else yet!!). Copy the log and post it here.
This post has been edited after posting. Last edited 28 March 2006 @ 06:38

Junior Member | 28 March 2006 @ 12:17
Here:
L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"sv1"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittym?laajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="N?ytt?sovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="N?yt?n CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="K?ytt?liittym?n leikkeidenk?sittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittym?laajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-n?yt?n hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittym?laajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittym?laajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittym?laajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittym?laajennukset"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut teht?v?t"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Teht?v?palkki ja K?ynnist?-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="S?hk?posti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontaty?kalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-ty?kalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsint?palkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&L?hiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin j?sent?j?"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-v?limuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="K?ytt?liittym?n sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien k?sittelyst? (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetist?"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="K?ytt?j?tilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienk?sittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkil?it?..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}"="History Band"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universal Plug and Play -laitteet"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
gdi32.dll Thu 29 Dec 2005 5.54.36 A.... 280 064 273,50 K
legitc~1.dll Tue 14 Feb 2006 10.20.14 ..... 550 120 537,23 K
s32evnt1.dll Tue 31 Jan 2006 15.35.34 A.... 91 904 89,75 K
webclnt.dll Wed 4 Jan 2006 6.35.10 A.... 68 096 66,50 K
4 items found: 4 files, 0 directories.
Total of file sizes: 990 184 bytes 966,98 K
Locate .tmp files:
C:\WINDOWS\SYSTEM32\
atmtdd~1.tmp Wed 15 Mar 2006 13.40.38 A.... 0 0,00 K
1 item found: 1 file, 0 directories.
Total of file sizes: 0 bytes 0,00 K
**********************************************************************************
Directory Listing of system files:
Asemalla C ei ole nime?.
Aseman sarjanumero on BCF2-E93F
Kansio C:\WINDOWS\System32
27.03.2006 22:46 <KANSIO> dllcache
13.03.2006 14:24 <KANSIO> Microsoft
0 tiedosto(a) 0 tavua
2 kansio(ta) 74’961’350’656 tavua vapaana
|
AfterDawn Addict
|
28 March 2006 @ 12:23 |
|
|
That one is clean.
Go ahead and empty Norton's quarantine; that will get rid of those.
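The Winlogon/notify section of the L2MFIX log above stores several DllName values as hex(2) data, which is UTF-16LE text. The following Python sketch is an added example, not part of the original thread or of l2mfix: it decodes those values and lists the subkeys whose DLL is not in a baseline. The baseline (the DLL names in the log that was judged clean here), the function names and the `ConstructedEntry` subkey are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the log's "Winlogon/notify" section.
# crypt32chain and cscdll are copied from the log; ConstructedEntry is made up.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ConstructedEntry]
"DllName"=hex(2):7a,00,7a,00,73,00,61,00,6d,00,70,00,6c,00,65,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="ConstructedLogoffEvent"
'''

# Assumption: the baseline is the set of DLL names in the log judged clean above.
BASELINE = {'crypt32.dll', 'cryptnet.dll', 'cscdll.dll', 'wlnotify.dll', 'sclgntfy.dll'}

KEY_RE = re.compile(r'^\[.*\\Winlogon\\Notify\\([^\\\]]+)\]$', re.I)
VAL_RE = re.compile(r'^"dllname"=(.*)$', re.I)  # the log uses both DllName and DLLName

def decode_value(raw):
    """Decode a .reg value: a quoted string, or hex(1)/hex(2) UTF-16LE bytes."""
    raw = raw.strip()
    if raw.startswith('"'):
        return raw[1:-1].replace('\\\\', '\\')
    m = re.match(r'hex\([12]\):(.*)', raw, re.I)
    if not m:
        return None
    data = bytes(int(b, 16) for b in re.findall(r'[0-9a-fA-F]{2}', m.group(1)))
    return data.decode('utf-16-le', errors='replace').rstrip('\x00')

def notify_dlls(text):
    """Map each Winlogon\\Notify subkey to its decoded DllName."""
    text = re.sub(r',\\\r?\n\s*', ',', text)  # join hex continuation lines
    entries, subkey = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('['):
            key = KEY_RE.match(line)
            subkey = key.group(1) if key else None
            continue
        val = VAL_RE.match(line)
        if val and subkey:
            entries[subkey] = decode_value(val.group(1))
    return entries

def unexpected(entries, baseline=BASELINE):
    """Return subkeys whose DLL carries a path or is not a baseline name."""
    return {k: v for k, v in entries.items()
            if v is None or '\\' in v or v.lower() not in baseline}

if __name__ == '__main__':
    for subkey, dll in unexpected(notify_dlls(SAMPLE)).items():
        print(f'review: Notify\\{subkey} -> {dll}')
```

A name match against a baseline only narrows down what to review; a flagged entry still needs its file checked on disk before anything is deleted.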
|
Junior Member
|
28 March 2006 @ 14:10 |
|
|
Emptied. I ran the Norton virus scan once more and it looks clean.
Ad-Aware shows clean.
Ewido shows clean.
I also ran RegSupreme.
Would it be good to have some other scanners in addition to those?
So what might be causing the computer to start up more slowly now?
That is, the desktop opens more or less OK, but the icons and the Start bar take a while to appear.
I did install Ewido; could that be the cause, or is there still something "extra" on the machine?
Or does it slow the machine down if the Windows firewall is on while Norton Internet Security, which has its own firewall, is in use?
This message has been edited since it was posted. Last edited 28 March 2006 @ 14:11
|
AfterDawn Addict
|
28 March 2006 @ 14:30 |
|
|
Definitely turn the Windows firewall off if the Norton firewall is in use :)
|
Junior Member
|
28 March 2006 @ 15:46 |
|
The Windows firewall is now off; no effect.
New problems have appeared: the internet now doesn't work in either browser. "Server not found"
I wonder if something needed for the internet to work got removed from the machine.
Quote: juupee1 (Newbie) 26 March 2006 @ 13:35
Quote: Start the computer in safe mode and empty the TEMP and Temporary Internet Files folders:
C:\WINDOWS\Temp\ so, should all the subfolders of the temp folder be deleted too?
C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\ ? It's not found there, at least.
Or do you mean -> C:\WINDOWS\Temp\Temporary Internet Files -> Content.IE5\056v49af, g5mv8xyf, odexyz6j, qfmnu7ef and index, a DAT file. These do exist.
What did you mean?
What exactly does that -> C:\WINDOWS\Temp\ affect?
I was just wondering whether I botched something when emptying it.
|
|
|
AfterDawn Addict
|
28 March 2006 @ 15:50 |
|
|
|
|