Ads for antivirus programs, a Trojan horse keeps trying to get in!!!
Junior Member
18 July 2006 @ 19:00
Logfile of HijackThis v1.99.1
Scan saved at 22:53:11, on 18.7.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\TEEMUH~1\APPLIC~1\SMANTE~1\fast.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.op.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {118A5843-E78C-8F76-A345-9A2B53CE8496} - C:\WINDOWS\System32\bbzm.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrc_4a.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [spnsvc] rundll32.exe C:\WINDOWS\System32\spnsvc.dll,start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NI.UWA6P_0001_N85M0307] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe" -nag
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Tdas] "C:\DOCUME~1\TEEMUH~1\APPLIC~1\SMANTE~1\fast.exe" -vt yazr
O4 - HKCU\..\Run: [Sway] C:\Documents and Settings\Teemu Haka\Application Data\M?crosoft.NET\w?auboot.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
AfterDawn Addict
19 July 2006 @ 06:26
In Add/Remove Programs, look for PuritySCAN By OIN, OuterInfo, OIN or a program with a similar name, and uninstall it.

Restart and delete this folder, if it exists:
C:\Program Files\PurityScan

If the program is not found, download and run this:
http://www.outerinfo.com/OiUninstaller.exe
Uninstaller

http://www.outerinfo.com/howto.html
Instructions in English for using the uninstaller, if needed

Restart and delete this folder, if it exists:
C:\Program Files\PurityScan

Remove from Control Panel:

Toolbar888

Download Brute Force Uninstaller from http://www.merijn.org/files/bfu.zip to your desktop.
* Right-click the BFU zip on your desktop and choose Extract All.
* Click "Next"
* In the box where you choose where to extract the files,
* Click "Browse"
* Click the + sign next to My Computer
* Click "Local Disk (C:)" or whatever your main drive is
* Click "Make New Folder"
* Type BFU
* Click "Next", and DO NOT tick the box "Show extracted files", then click "Finish".
RIGHT-CLICK HERE -> http://metallica.geekstogo.com/alcanshorty.bfuOIKEA-KLIKKAA HERE and choose "Save As" (in Explorer "Save Target As") to download the Alcra PLUS remover.
Save it in the same folder you created earlier (c:\BFU).

Don't do anything with it yet!

Boot your computer into Safe Mode by tapping the F8 key during startup.

Click Start > My Computer and navigate to the C:\BFU folder.
* Start Brute Force Uninstaller by double-clicking BFU.exe
* In the Scriptline to execute field, type or paste c:\bfu\alcanshorty.bfu
* Click Execute and let it do its work. (You should see a progress bar if you did this correctly.)
* Wait for the Complete script execution box and click OK.
* Click exit to close Brute Force Uninstaller.
Restart normally and post a fresh HijackThis log.

No HjT logs etc. by private message!

This message has been edited since posting. Last edited 19 July 2006 @ 06:28

Junior Member
19 July 2006 @ 19:20
I don't know why, but that link doesn't work: http://metallica.geekstogo.com/alcanshorty.bfuOIKEA-KLIKKAA
spertti
Senior Member
19 July 2006 @ 19:44
http://metallica.geekstogo.com/alcanshorty.bfu RIGHT-CLICK HERE and choose "Save As" (in Explorer "Save Target As") to download the Alcra PLUS remover.
Save it in the same folder you created earlier (c:\BFU).

Try again now
-ReapeR-
Member
19 July 2006 @ 19:44
there's just been a slip-up..
try this
http://metallica.geekstogo.com/alcanshorty.bfu

Edit:
spertti was faster :(

This message has been edited since posting. Last edited 19 July 2006 @ 19:45

Junior Member
19 July 2006 @ 20:13
Logfile of HijackThis v1.99.1
Scan saved at 0:12:52, on 20.7.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\{04D6D603-07DA-1035-1021-051025050166}\Update.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://keskustelu.afterdawn.com/thread_view.cfm/367776#2189878
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrc_4a.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [spnsvc] rundll32.exe C:\WINDOWS\System32\spnsvc.dll,start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NI.UWA6P_0001_N85M0307] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe" -nag
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
AfterDawn Addict
20 July 2006 @ 06:39
Fix these (Do a system scan only, tick them and press Fix checked):


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrc_4a.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
O4 - HKLM\..\Run: [spnsvc] rundll32.exe C:\WINDOWS\System32\spnsvc.dll,start
O4 - HKLM\..\Run: [NI.UWA6P_0001_N85M0307] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe" -nag
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)


Then Start -> Run
type sc stop UpdateManagerTool and click OK
then sc delete UpdateManagerTool and click OK

Boot into Safe Mode (F8 during startup)

Delete, if found:

C:\WINDOWS\update
C:\kybrdc_4.exe
C:\dfndrc_4a.exe
C:\nwnmc_4.exe
C:\WINDOWS\System32\spnsvc.dll
C:\Program Files\ToolBar888
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe

Restart.

Scan your computer with the Kaspersky Online Scanner:
http://www.kaspersky.com/downloads/kws/kavwebscan.html

You will be asked whether you allow an ActiveX component from Kaspersky to be installed; click Yes.
* The program starts and begins downloading the latest definition files.
* When the scanner has been installed and the definitions downloaded, click Next.
* Now click the settings, Scan Settings
* Check in the settings that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (if available, otherwise choose Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

* Click OK
* Now, under the heading "select a target to scan", choose My Computer
* The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
* Now click the Save as Text button.
* Save the file to your desktop.
* Copy and paste the contents of the file into your next reply.

Also post a new HjT log.

No HjT logs etc. by private message!
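
Added example, not part of the thread or of any poster's message: a short Python triage script for HijackThis log lines of the kind selected in the post above. The flagging rules (an executable directly in the drive root, a `?` placeholder in a path, any AppInit_DLLs value, a service with "Unknown owner" or "(file missing)") and all function names are this example's assumptions; the sample lines are copied from the logs in this thread.

```python
import re
from typing import NamedTuple

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sway] C:\Documents and Settings\Teemu Haka\Application Data\M?crosoft.NET\w?auboot.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Update Manager Tool (UpdateManagerTool) - Unknown owner - C:\WINDOWS\update\updmangr.exe (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Registry autorun: "<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable sitting directly in a drive root (one or more backslashes after the colon)
ROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\+[^\\"]+\.(?:exe|com|scr|bat|pif)\b', re.I)
# "Service: <display> (<short name>) - <owner> - <path>"; the short name is optional
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.*?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.*?) - (?P<path>.+)$"
)


class Finding(NamedTuple):
    code: str    # HijackThis section code (O4, O20, O23)
    item: str    # Run value name, DLL list, or service short name
    reason: str  # why this example's heuristics flagged it


def triage(log_text):
    """Return entries worth a closer look; heuristics only, not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m["code"], m["body"]

        if code == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue  # e.g. "Startup:" shortcut lines have no [name]
            if ROOT_EXE_RE.match(run["cmd"]):
                findings.append(Finding(code, run["name"], "autorun executable in drive root"))
            elif "?" in run["cmd"]:
                # Assumption: "?" stands for a character the log could not render,
                # which can hide a look-alike folder or file name.
                findings.append(Finding(code, run["name"], "unrenderable character in path"))

        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs listed in AppInit_DLLs are loaded into every process that loads user32.dll.
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                findings.append(Finding(code, dlls, "AppInit_DLLs value is set"))

        elif code == "O23":
            svc = SERVICE_RE.match(body)
            if not svc:
                continue
            unknown = svc["owner"].strip().lower() == "unknown owner"
            missing = svc["path"].rstrip().endswith("(file missing)")
            if unknown or missing:
                # The short name is what `sc stop` / `sc delete` expect.
                findings.append(Finding(code, svc["name"] or svc["display"],
                                        "service with unknown owner or missing file"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.item}: {f.reason}")
```

The rules here do not catch every line in the fix list above, for example the `rundll32.exe` entry for `spnsvc.dll`, so the output is a starting point for manual review of the full log.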
Junior Member
20 July 2006 @ 08:40
KASPERSKY ON-LINE SCANNER REPORT
Thursday, July 20, 2006 12:36:24 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 20/07/2006
Kaspersky Anti-Virus database records: 208609
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 35784
Number of viruses found 13
Number of infected objects 206
Number of suspicious objects 0
Duration of the scan process 00:28:15

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Teemu Haka\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\8BCF062C-1ACA-456D-AB15-4BE0A0\D9299912-5584-4CED-B46C-FE5B87 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\A5AED7E7-D0F9-40F8-AF57-4141BF\14A6A80F-6304-4E45-8856-7320C2 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\A5AED7E7-D0F9-40F8-AF57-4141BF\9B38BB16-6EA5-4FFA-9F86-E3BBF6 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\AE6FFE4A-2041-4FBE-96D5-46F931\3A12B8B5-1380-4F27-A68D-FFCD56 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\AE6FFE4A-2041-4FBE-96D5-46F931\4FF0284F-B3EF-476E-9CDE-0BDE4A Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\temp.frE75B Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000cbac Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000d60c Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000e0bb Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000e4a3 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000f27e Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000f424 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000f4b0 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000f712 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0000fe55 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp00012594 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp00013c58 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp000147a3 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0001bfa1 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp00028dfd Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0002b963 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0003afe8 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp00050900 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp0041a116 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp00493797 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temp\tmp01458f43 Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\CF0RY9MX\!update-4095[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.co skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\OH2LK1O5\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N85M0307NetInstaller.exe Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\OH2LK1O5\WinAntiVirusPro2006FreeInstall[1].cab CAB: infected - 1 skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002575.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002576.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002580.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002580.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002580.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002580.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP14\A0002583.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP15\A0002596.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP15\A0002617.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP16\A0002704.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP16\A0002709.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP16\A0002709.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP16\A0002709.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP16\A0002709.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP17\A0002789.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP17\A0002795.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP17\A0002799.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP17\A0002799.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP17\A0002799.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP17\A0002799.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0002912.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0002917.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0002917.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0002917.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0002917.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003916.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003916.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003916.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003916.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003919.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003927.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP19\A0003940.dll Infected: Backdoor.Win32.Agent.vc skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003954.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003954.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003954.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003954.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003957.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003964.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003971.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003981.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003986.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003986.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003986.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003986.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003999.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003999.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003999.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP20\A0003999.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP21\A0004028.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP21\A0004028.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP21\A0004028.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP21\A0004028.exe RarSFX: infected - 3 skipped
Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 12:40:20, on 20.7.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\{04D6D603-07DA-1035-1021-051025050166}\Update.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.op.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrc_4a.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [spnsvc] rundll32.exe C:\WINDOWS\System32\spnsvc.dll,start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NI.UWA6P_0001_N85M0307] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe" -nag
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

AfterDawn Addict
20 July 2006 @ 08:53
Didn't the fixing work?

1. Right-click the CounterSpy icon in the taskbar.
2. Move the mouse over Active Protection.
3. A menu appears; click "Disable Active Protection" on the right.

Open HijackThis, click "Do a system scan only", tick the box in front of each of these lines and press "Fix checked":

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager Tool] C:\WINDOWS\update\updmangr.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_4.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrc_4a.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmc_4.exe
O4 - HKLM\..\Run: [spnsvc] rundll32.exe C:\WINDOWS\System32\spnsvc.dll,start
O4 - HKLM\..\Run: [NI.UWA6P_0001_N85M0307] "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N85M0307NetInstaller.exe" -nag
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O20 - AppInit_DLLs: C:\WINDOWS\System32\notepad.dll


Download Atribune's ATF Cleaner: http://www.atribune.org/ccount/click.php?id=1

Instructions:

Double-click ATF-Cleaner.exe to start the program.
Under Main, choose: Select All
Click the Empty Selected button.
If you use Firefox as your browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No when it asks.
If you use Opera as your browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button again.
NOTE: If you would like to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.

Clean out System Restore:

1. Select My Computer (right-click).
2. Select Properties.
3. Select the System Restore tab.
4. Select "Turn off System Restore".
5. Press Apply.
6. Press OK.
7. Restart the computer.
8. Do steps 1-3.
9. Untick "Turn off System Restore".
10. Do steps 5 and 6.

Empty this directory:

C:\Documents and Settings\Teemu Haka\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine

Get KillBox:

http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Extract it, open it and tick Delete on Reboot.
Then copy the lines below all at once:

C:\WINDOWS\Downloaded Program Files\UERSJ_0001_N68M0902NetInstaller.exe
C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\ckrpol.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1K26RL08\!update-4020[1].0000
C:\WINDOWS\system32\cqc.dll
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\dvcprop.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkkjg.dll
C:\WINDOWS\system32\k4jsle171h.dll
C:\WINDOWS\system32\k826lifs1826.dll
C:\WINDOWS\system32\mgndex.dll
C:\WINDOWS\system32\MJVCRTD.DLL
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\mv8ql9l51.dll
C:\WINDOWS\system32\mxdtctm.dll
C:\WINDOWS\system32\myminst.dll
C:\WINDOWS\system32\ondbse32.dll
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\ww32.exe

Then in KillBox, choose File > Paste from Clipboard at the top.
Select "All Files". After that press Delete (the red button with a white X).
Answer yes to the prompts, and if the computer does not restart by itself, restart it.

Empty the directory:

C:\!Killbox

Scan again with Kaspersky.

After that, post a new HijackThis log and the Kaspersky report.


No HjT logs etc. by private message!

This message has been edited since posting. Last edit: 20 July 2006 @ 08:53

Junior Member
20 July 2006 @ 09:05
There's no CounterSpy thing here.

AfterDawn Addict
20 July 2006 @ 09:33
At least there was:

Running processes:

C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe

If it's not there any more, skip that step. I just thought it might be blocking those fixes :)

Junior Member
20 July 2006 @ 19:23
KASPERSKY ON-LINE SCANNER REPORT
Thursday, July 20, 2006 11:22:35 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 20/07/2006
Kaspersky Anti-Virus database records: 208777
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 27373
Number of viruses found 7
Number of infected objects 74
Number of suspicious objects 0
Duration of the scan process 00:16:46

Infected Object Name Virus Name Last Action
Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 23:23:23, on 20.7.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\{04D6D603-07DA-1035-1021-051025050166}\Update.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
AfterDawn Addict
21 July 2006 @ 06:28
Right, time to bring out the heavier tools since it won't go away.

First, empty System Restore following the instructions I gave.

After that:

Fix this:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

1. Download The Avenger (c) to your desktop: http://swandog46.geekstogo.com/avenger.zip
- Click the Avenger.zip file to open it.
- Extract Avenger.exe to your desktop.

2. Copy all the text in the black quote box below into an empty Notepad document:
Quote:
Files to delete:
C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\N019RGGW\WinAntiVirusPro2006FreeInstall[1].exe
C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\TOZ6JZX7\WinAntiVirusPro2006FreeInstall[1].cab
C:\WINDOWS\Downloaded Program Files\UERSJ_0001_N68M0902NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\ckrpol.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1K26RL08\!update-4020[1].0000
C:\WINDOWS\system32\cqc.dll
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\dvcprop.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkkjg.dll
C:\WINDOWS\system32\k4jsle171h.dll
C:\WINDOWS\system32\k826lifs1826.dll
C:\WINDOWS\system32\mgndex.dll
C:\WINDOWS\system32\MJVCRTD.DLL
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\mv8ql9l51.dll
C:\WINDOWS\system32\mxdtctm.dll
C:\WINDOWS\system32\myminst.dll
C:\WINDOWS\system32\ondbse32.dll
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\ww32.exe


Note: the script above was created specifically for this user. If you are not this person, DO NOT follow these instructions, because they could break functions on your computer.


3. Now open The Avenger by double-clicking its icon on your desktop.
- Under "Script file to execute", select "Input Script Manually".
- Now click the magnifying glass icon, which opens a new window called "View/edit script".
- Paste the text you copied into Notepad into this window.
- Click Done.
- Now click the green light to start the script.
- Click "Yes" when the two warning boxes appear.

The Avenger will automatically do the following:
- Restart your computer. (In cases where the script contains a "Drivers to Unload" command, The Avenger will restart your computer twice.)
- On restart, it briefly opens a black command window on your desktop; this is normal.
- After the restart, it creates a log file that should open with the results of The Avenger's actions. The path of this log is C:\avenger.txt
- The Avenger will also have made a backup of all the files etc. that you asked it to delete, and will have zipped and moved them to the zip archive at C:\avenger\backup.zip.
5. Copy and paste the entire contents of avenger.txt into your reply, along with a fresh HjT log.

No HjT logs etc. via private message!

This message has been edited since posting. Last edited 21 July 2006 @ 06:29

Junior Member
21 July 2006 @ 08:49
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dxyvhuqh

*******************

Script file located at: \??\C:\WINDOWS\System32\oprwtoqt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\N019RGGW\WinAntiVirusPro2006FreeInstall[1].exe deleted successfully.
File C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\TOZ6JZX7\WinAntiVirusPro2006FreeInstall[1].cab deleted successfully.
File C:\WINDOWS\Downloaded Program Files\UERSJ_0001_N68M0902NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\system32\awtqq.dll deleted successfully.
File C:\WINDOWS\system32\awtsr.dll deleted successfully.
File C:\WINDOWS\system32\awvtr.dll deleted successfully.
File C:\WINDOWS\system32\awvvw.dll deleted successfully.
File C:\WINDOWS\system32\ckrpol.dll deleted successfully.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1K26RL08\!update-4020[1].0000 deleted successfully.
File C:\WINDOWS\system32\cqc.dll deleted successfully.
File C:\WINDOWS\system32\ddabb.dll deleted successfully.
File C:\WINDOWS\system32\ddccc.dll deleted successfully.
File C:\WINDOWS\system32\ddcyx.dll deleted successfully.
File C:\WINDOWS\system32\dvcprop.dll deleted successfully.
File C:\WINDOWS\system32\gebcb.dll deleted successfully.
File C:\WINDOWS\system32\geebx.dll deleted successfully.
File C:\WINDOWS\system32\jkhfd.dll deleted successfully.
File C:\WINDOWS\system32\jkkjg.dll deleted successfully.
File C:\WINDOWS\system32\k4jsle171h.dll deleted successfully.
File C:\WINDOWS\system32\k826lifs1826.dll deleted successfully.
File C:\WINDOWS\system32\mgndex.dll deleted successfully.
File C:\WINDOWS\system32\MJVCRTD.DLL deleted successfully.
File C:\WINDOWS\system32\mljjk.dll deleted successfully.
File C:\WINDOWS\system32\mlljj.dll deleted successfully.
File C:\WINDOWS\system32\mv8ql9l51.dll deleted successfully.
File C:\WINDOWS\system32\mxdtctm.dll deleted successfully.
File C:\WINDOWS\system32\myminst.dll deleted successfully.
File C:\WINDOWS\system32\ondbse32.dll deleted successfully.
File C:\WINDOWS\system32\pmkhi.dll deleted successfully.
File C:\WINDOWS\system32\pmnlj.dll deleted successfully.
File C:\WINDOWS\system32\pmnno.dll deleted successfully.
File C:\WINDOWS\system32\ssttq.dll deleted successfully.
File C:\WINDOWS\system32\vtutt.dll deleted successfully.
File C:\WINDOWS\system32\ww32.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of HijackThis v1.99.1
Scan saved at 12:49:43, on 21.7.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\{04D6D603-07DA-1035-1021-051025050166}\Update.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
AfterDawn Addict
21 July 2006 @ 08:55
Looks good :)

Run Kaspersky again and post its report here.

Clear System Restore before that.

No HjT logs etc. via private message!
Junior Member
21 July 2006 @ 09:33
KASPERSKY ON-LINE SCANNER REPORT
Friday, July 21, 2006 1:32:40 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 21/07/2006
Kaspersky Anti-Virus database records: 208957
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 31833
Number of viruses found 7
Number of infected objects 45
Number of suspicious objects 0
Duration of the scan process 00:18:47

Infected Object Name Virus Name Last Action
C:\avenger\backup.zip/avenger/!update-4020[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.cl skipped
C:\avenger\backup.zip/avenger/awtqq.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/awtsr.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/awvtr.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/awvvw.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/ckrpol.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/cqc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/ddabb.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/ddccc.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/ddcyx.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/dvcprop.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/gebcb.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/geebx.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/jkhfd.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/jkkjg.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/k4jsle171h.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/k826lifs1826.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/mgndex.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/MJVCRTD.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/mljjk.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/mlljj.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/mv8ql9l51.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/mxdtctm.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/myminst.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/ondbse32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/pmkhi.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/pmnlj.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/pmnno.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/ssttq.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/UERSJ_0001_N68M0902NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
C:\avenger\backup.zip/avenger/UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\avenger\backup.zip/avenger/vtutt.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\avenger\backup.zip/avenger/WinAntiVirusPro2006FreeInstall[1].cab Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\avenger\backup.zip/avenger/WinAntiVirusPro2006FreeInstall[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\avenger\backup.zip/avenger/ww32.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip/avenger/ww32.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\avenger\backup.zip/avenger/ww32.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\avenger\backup.zip/avenger/ww32.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\avenger\backup.zip ZIP: infected - 39 skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\6GLXJ3V7\WinAntiVirusPro2006ScannerInstall[1].cab/UWA6P_0001_N68M2301NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\6GLXJ3V7\WinAntiVirusPro2006ScannerInstall[1].cab CAB: infected - 1 skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
Scan process completed.
AfterDawn Addict
21 July 2006 @ 09:38
Looks like more junk has arrived :(

This -> C:\avenger\backup.zip is OK; it contains The Avenger's backups.

Delete these and it should be OK. And update Windows, i.e. install SP2.

C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\6GLXJ3V7\WinAntiVirusPro2006ScannerInstall[1].cab
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe

Any problems left?

No HjT logs etc. via private message!

This message has been edited since posting. Last edited 21 July 2006 @ 09:39
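
The reply above reduces the Kaspersky report by hand: archive members collapse to the file that holds them on disk, and the Avenger backup is left alone. As an added example (not part of the thread and not any tool's own code), the same triage in Python; the function name `triage`, the exclusion table and the choice to also set aside System Restore copies (cleared separately in this thread) are assumptions of this example, and the sample lines are copied from the reports above.

```python
import re

# One report row: "<object> Infected: <name> <action>" for a detection, or
# "<object> <KIND>: infected - <n> <action>" for an archive summary row.
# Object paths contain spaces, so the path is matched lazily up to the verdict.
LINE_RE = re.compile(
    r"^(?P<object>.+?) "
    r"(?:Infected: (?P<name>\S+)|(?P<kind>[A-Za-z]+): infected - (?P<count>\d+)) "
    r"(?P<action>\w+)$"
)

# Locations set aside instead of listed for removal (assumption of this example,
# following the replies: System Restore is cleared separately, the backup is OK).
DEFAULT_EXCLUDES = {
    "C:\\System Volume Information\\": "System Restore copy",
    "C:\\avenger\\": "Avenger backup",
}

# Sample lines copied from the Kaspersky reports in this thread.
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\avenger\backup.zip/avenger/awtqq.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\avenger\backup.zip ZIP: infected - 39 skipped
C:\System Volume Information\_restore{EC3D340A-8389-413F-BD52-A6F9B58AC5C7}\RP1\A0000038.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\WINDOWS\system32\ww32.exe/data.rar/dotrm.dll Infected: Trojan-Downloader.Win32.ConHook.ad skipped
C:\WINDOWS\system32\ww32.exe/data.rar/dotdr.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\WINDOWS\system32\ww32.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\WINDOWS\system32\ww32.exe RarSFX: infected - 3 skipped
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
Scan process completed.
"""


def triage(report, excludes=DEFAULT_EXCLUDES):
    """Return (candidates, excluded).

    candidates: {on-disk path: sorted detection names}, in report order.
    excluded:   {on-disk path: reason it was set aside}.
    """
    found = {}
    excluded = {}
    for raw in report.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header, statistics or "Scan process completed."
        # Members inside an archive are written after "/", while the Windows
        # path itself uses "\", so the on-disk file is the part before "/".
        on_disk = match.group("object").split("/", 1)[0]
        reason = next(
            (why for prefix, why in excludes.items()
             if on_disk.lower().startswith(prefix.lower())),
            None,
        )
        if reason:
            excluded[on_disk] = reason
            continue
        names = found.setdefault(on_disk, set())
        if match.group("name"):  # archive summary rows carry no detection name
            names.add(match.group("name"))
    candidates = {path: sorted(names) for path, names in found.items()}
    return candidates, excluded


if __name__ == "__main__":
    todo, skipped = triage(SAMPLE_REPORT)
    for path, names in todo.items():
        print(path, "<-", ", ".join(names))
    for path, why in skipped.items():
        print("set aside:", path, "(" + why + ")")
```

The output is a review list, not a removal script: each remaining path still needs a human decision before it goes into a tool such as The Avenger or KillBox.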

Junior Member
21 July 2006 @ 18:32
I can't get those deleted.....
Also, can I remove the programs that were used for the scanning and the other work.....?
spertti
Senior Member
21 July 2006 @ 18:34
You can remove them, but do update that Windows. You have so many vulnerabilities without the latest updates that no programs of any kind will protect you. So off you go to Windows Update!
AfterDawn Addict
22 July 2006 @ 08:03
This is how to get rid of them:

Open KillBox and tick Delete on Reboot.
Then copy the lines below in one go:

C:\Documents and Settings\Teemu Haka\Local Settings\Temporary Internet Files\Content.IE5\6GLXJ3V7\WinAntiVirusPro2006ScannerInstall[1].cab
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe

Then in KillBox, from the top menu, choose File > Paste from Clipboard.
Select "All Files". Then press Delete (the red one with a white X).
Answer yes to the prompts, and if the computer does not restart by itself, restart it.

No HjT logs etc. via private message!
Junior Member
26 July 2006 @ 07:52
Ahem.....those ads are showing up again... What now?
AfterDawn Addict
26 July 2006 @ 07:58
Post a new HjT log. And update Windows! If Windows is still XP without service packs, it's no wonder the nasties are nesting on the machine.

No HjT logs etc. via private message!
Junior Member
26 July 2006 @ 08:31
I have installed Service Pack 2.


Logfile of HijackThis v1.99.1
Scan saved at 12:30:41, on 26.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\{04D6D603-07DA-1035-1021-051025050166}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\olthwado.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.op.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
AfterDawn Addict
26 July 2006 @ 08:44
Check these:

C:\Program Files\Common Files\{04D6D603-07DA-1035-1021-051025050166}\Update.exe
C:\WINDOWS\system32\olthwado.exe

here -> http://www.virustotal.com/en/indexf.html
and post the results

No HjT logs etc. via private message!
Junior Member
26 July 2006 @ 09:52
Antivirus Version Update Result
AntiVir 6.35.1.0 07.26.2006 no virus found
Authentium 4.93.8 07.26.2006 no virus found
Avast 4.7.844.0 07.26.2006 no virus found
AVG 386 07.25.2006 no virus found
BitDefender 7.2 07.26.2006 no virus found
CAT-QuickHeal 8.00 07.25.2006 no virus found
ClamAV devel-20060426 07.26.2006 Trojan.Starter-7
DrWeb 4.33 07.26.2006 Trojan.Starter.65
eTrust-InoculateIT 23.72.78 07.25.2006 no virus found
eTrust-Vet 12.6.2309 07.26.2006 no virus found
Ewido 4.0 07.26.2006 Trojan.Starter.65
Fortinet 2.77.0.0 07.26.2006 no virus found
F-Prot 3.16f 07.26.2006 no virus found
F-Prot4 4.2.1.29 07.26.2006 no virus found
Ikarus 0.2.65.0 07.26.2006 no virus found
Kaspersky 4.0.2.24 07.26.2006 no virus found
McAfee 4814 07.25.2006 no virus found
Microsoft 1.1508 07.26.2006 no virus found
NOD32v2 1.1679 07.26.2006 no virus found
Norman 5.90.23 07.26.2006 W32/Smalltroj.HEH
Panda 9.0.0.4 07.25.2006 Spyware/Virtumonde
Sophos 4.07.0 07.26.2006 no virus found
Symantec 8.0 07.26.2006 no virus found
TheHacker 5.9.8.181 07.25.2006 no virus found
UNA 1.83 07.25.2006 no virus found
VBA32 3.11.0 07.26.2006 Trojan.Starter.65
VirusBuster 4.3.7:9 07.25.2006 no virus found


Aditional Information
File size: 131072 bytes
MD5: 56615860fde60e74d9d57c77aa45e1b4
SHA1: d2ca76f19ece32f4c0acee492b9c68750d95cbcb
 