Gremlins in the computer. HELP!!!
akslei
Member
12 November 2007 @ 14:30
Here is the HJT log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:17, on 6.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=fin
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{039560D5-8E82-4676-9815-B8F9A48CDDF6}: NameServer = 85.255.115.28,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A71312F-356D-4E0D-8198-3168A75AF658}: NameServer = 85.255.115.28,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{70BB7B76-3FF9-423F-A1AC-7F44EB01A9EF}: NameServer = 85.255.115.28,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{94879802-265A-4EE5-8BF3-CEA4D74D3BB0}: NameServer = 85.255.115.28,85.255.112.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{039560D5-8E82-4676-9815-B8F9A48CDDF6}: NameServer = 85.255.115.28,85.255.112.200
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{039560D5-8E82-4676-9815-B8F9A48CDDF6}: NameServer = 85.255.115.28,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7091 bytes

aki
tomato71
Suspended due to non-functional email address
12 November 2007 @ 15:01
Hi
Uninstall DAEMON Tools SearchBar through Add/Remove Programs, along with anything starting with WhenU if found.

Delete the folder C:\Program Files\DAEMON Tools SearchBar, and any starting with WhenU if found.

Run a new HJT scan: Do a System scan only
Close all other windows and the browser. Check these lines and press Fix checked


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{039560D5-8E82-4676-9815-B8F9A48CDDF6}: NameServer = 85.255.115.28,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A71312F-356D-4E0D-8198-3168A75AF658}: NameServer = 85.255.115.28,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{70BB7B76-3FF9-423F-A1AC-7F44EB01A9EF}: NameServer = 85.255.115.28,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{94879802-265A-4EE5-8BF3-CEA4D74D3BB0}: NameServer = 85.255.115.28,85.255.112.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{039560D5-8E82-4676-9815-B8F9A48CDDF6}: NameServer = 85.255.115.28,85.255.112.200
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{039560D5-8E82-4676-9815-B8F9A48CDDF6}: NameServer = 85.255.115.28,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200



Download fixwareout.exe from here > Here
or > Here
and save it to the desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure "Run fixit" is selected. You must restart the computer when told to.

Post a new HJT log and the contents of c:\fixwareout\report.txt

www.virustorjunta.net
akslei
Member
13 November 2007 @ 16:56
Username "Junnu" - 13.11.2007 16:52:47 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdvsy.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{039560D5-8E82-4676-9815-B8F9A48CDDF6}
"DhcpNameServer"="85.255.115.28,85.255.112.200" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5A71312F-356D-4E0D-8198-3168A75AF658}
"DhcpNameServer"="85.255.115.28,85.255.112.200" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{94879802-265A-4EE5-8BF3-CEA4D74D3BB0}
"DhcpNameServer"="85.255.115.28,85.255.112.200" <Value cleared.

DNS-tulkintatoiminnon välimuistin tyhjentäminen onnistui.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdvsy.ren 72211 13.06.2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"
"AdobeUpdater"="C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~



and the HJT log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:43, on 13.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=fin
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6454 bytes



aki
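
Comparing the first and second HijackThis logs of this thread entry by entry, as an added example that is not part of any post: the script parses the `R`/`O` entry lines and reports what disappeared and what appeared between two scans. The function names are hypothetical, and the two sample logs are shortened excerpts built from lines in the logs above.

```python
import re

# HijackThis entry lines start with a section code such as R0, O2, O4 or O17,
# followed by " - " and the entry detail.
ENTRY_RE = re.compile(r"^([A-Z])(\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, detail) pairs in a HijackThis log.

    Header lines, the running-process list and the trailer do not match
    the entry pattern and are skipped.
    """
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.add((m.group(1) + m.group(2), m.group(3).strip()))
    return entries


def _section_key(entry):
    # Sort O2 before O17: order by letter, then numeric part, then detail.
    section, detail = entry
    return (section[0], int(section[1:]), detail.lower())


def diff_logs(before, after):
    """Compare two logs; return entries removed from and added to the scan."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(old - new, key=_section_key),
        "added": sorted(new - old, key=_section_key),
    }


# Shortened excerpts of the two logs posted in this thread (sample input
# assembled for this example; the full logs contain many more lines).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe"
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.200
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"""


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for kind in ("removed", "added"):
        print(kind.upper())
        for section, detail in result[kind]:
            print(f"  {section} - {detail}")
```

Entries in the "added" list are the ones a reviewer has to look at again, since they were not present when the first round of fixes was chosen.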
tomato71
Suspended due to non-functional email address
13 November 2007 @ 17:10
and then...
It would be good to install a firewall on the computer, from here ---> free

Uninstall ShoppingReport through Add/Remove Programs


Run a new HJT scan: Do a System scan only
Close all other windows and the browser. Check these lines and press Fix checked

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll




Save these instructions to a text file or print them, otherwise you will not be able to access them in safe mode

Download AVG Anti-Spyware 7.5 and save the program to your desktop.
*Once you have downloaded the program, double-click the installer's shortcut on your desktop; the installation starts.
*After installation, the program must be started and its definitions updated.
*Start AVG Anti-Spyware.
*Click the "Update" icon in the main menu. Then click the "Update now" button.
*Then click the "Start Update" icon, and the update begins.

*When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
*When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
*Then under the "Reports" menu:
*Uncheck "Automatically generate report after every scan"
*Uncheck "Only if threats were found"

*Then click the "Shield" icon at the top of the window
*"Resident shield is": change the state from active to inactive
*Close the program, DO NOT scan yet.
Start your computer in safe mode. Instructions: http://www.virustorjunta.net/modules.php?name=FAQ&myfaq=yes&id_cat=6&categories=Yleisohjeita+ongelmatilanteiden+ratkaisuun#37

Delete the folder!!!!!!: C:\Program Files\ShoppingReport

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
*Once in safe mode, start AVG Anti-Spyware.
*Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
*AVG will now start scanning the computer; be patient, as the scan takes time.

When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
*Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
*You will be asked what to do if infections were found; in that case select "Apply all actions"


*Then click the "Reports" icon at the top of the program.
*Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
*Close the program, start the computer normally and post the AVG report to your thread.


Post the AVG log and a new HJT log

www.virustorjunta.net
akslei
Member
13 November 2007 @ 21:37
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:30:55 13.11.2007

+ Scan result:



HKLM\SOFTWARE\WhenUSearch -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSearch\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSearch\Partners\desktop -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSearch\WHSE -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8AE2DB22-63C1-4EEB-85F4-779186E6CE38}\RP41\A0005657.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned with backup (quarantined).
:mozilla.364:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.365:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.366:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.367:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.106:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.107:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.99:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.193:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.155:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.158:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.159:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.160:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.161:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.186:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Junnu\Cookies\junnu@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.112:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.113:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.114:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.115:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.116:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.117:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.118:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.119:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.121:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.359:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.360:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.361:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.362:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.363:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.34:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.321:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.322:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.249:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.120:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.122:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.357:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.358:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.178:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.179:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.181:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.207:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.376:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.435:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.199:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.200:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.204:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.315:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.290:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.291:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.313:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.17:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.397:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.398:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.399:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.400:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.424:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.138:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.139:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.140:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.141:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.142:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.143:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Junnu\Cookies\junnu@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Junnu\Cookies\junnu@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.438:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.441:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.100:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.13:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Junnu\Cookies\junnu@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.147:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.148:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.149:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.150:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.151:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.125:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.83:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.103:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.104:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.108:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.109:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.110:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.111:C:\Documents and Settings\Junnu\Application Data\Mozilla\Firefox\Profiles\mwgnj3u3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Junnu\Cookies\junnu@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end



and the HJT log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:17, on 13.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=fin
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6359 bytes


aki
tomato71
Suspended due to non-functional email address
13 November 2007 @ 21:43
The log is OK
any problems left???

www.virustorjunta.net
akslei
Member
14 November 2007 @ 19:07
Not anymore. Thanks!

aki
tomato71
Suspended due to non-functional email address
15 November 2007 @ 10:19
Final cleanup still to do

Download Atribune's ATF Cleaner

Instructions:

Double-click ATF-Cleaner.exe to start the program.
Under Main, choose: Select All
Click the Empty Selected button.

If you use Firefox as your browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you want to keep your saved passwords, click No when it asks.

If you use Opera as your browser
Click Opera at the top and choose: Select All
Click the Empty Selected button again.
NOTE: If you want to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.
Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)


Emptying the AVG bin

You can empty AVG's quarantine:
Open AVG Anti Spyware
-> Infections
-> Select All
-> Remove finally
-> Yes (Kyllä)
-> Close the program

Empty the Recycle Bin

Clean out System Restore:
1. Right-click the My Computer (Oma tietokone) icon in the Start menu
2. Select Properties (Ominaisuudet)
3. Select the System Restore (Järjestelmän palauttaminen) tab
4. Select "Turn off System Restore" on all drives (poista järjestelmän palauttaminen kaikissa asemissa)
5. Press Apply (Käytä)
6. Press OK
7. Restart the computer
8. Restore the settings to what they were


www.virustorjunta.net