So I've now scanned with HijackThis. I'm not quite sure whether this is the thing that is supposed to be copied here, but let's try in case it's the right one =)
So here it is:
Logfile of HijackThis v1.99.1
Scan saved at 0:55:49, on 27.3.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NPFSVICE.EXE
C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\ZANDA.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Syste.exe
C:\m1.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Starcraft\norton\Smart Protector Pro\SmartProtector-Pro.exe
C:\Program Files\cwshredder\WinZip\WZQKPICK.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Starcraft\norton\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINNT\system32\shdocpe.dll/asst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\shdocpe.dll/asst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.jippii.fi"); (C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Profiles\default\s4v0889l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C:\Program Files\Netscape\Netscape\searchplugins\SBWeb_01.src"); (C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Profiles\default\s4v0889l.slt\prefs.js)
O1 - Hosts: 64.24.234.120 swirve.com # Added by Utopia Angel
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\elitenur32.exe
O4 - HKLM\..\Run: [69urA] C:\WINNT\vsrqft.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\Syste.exe
O4 - HKLM\..\Run: [REGRUN] C:\m1.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Starcraft\norton\Smart Protector Pro\SmartProtector-Pro.exe" /stealt
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\cwshredder\WinZip\WZQKPICK.EXE
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NVCSCHED.EXE
Log (I guess)
Replies
- Fox
You posted exactly the right log, and not in vain. You've got quite a collection of malware and the like on there.
But I won't post any list here just yet; let's wait until the user Juu wakes up and has time to tell you, with their professional skill, what to do.
Of course juggis, Ad-Aware and HJT also know how to do the job.
Hi
First end the following processes via Task Manager
Syste.exe
m1.exe
Then scan these files... they are "new nasties"
C:\Syste.exe
C:\m1.exe
C:\WINNT\vsrqft.exe
here
http://virusscan.jotti.org/
and report the results it finds for them.
.
.
- anonyymi
syste.exe:
Service load: 0% 100%
File: Syste.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: -
AntiVir No viruses found
Avast No viruses found
AVG Antivirus No viruses found
BitDefender BehavesLike:Win32.Backdoor (probable variant)
ClamAV No viruses found
Dr.Web No viruses found
F-Prot Antivirus No viruses found
Fortinet No viruses found
Kaspersky Anti-Virus No viruses found
mks_vir Trojan.Downloader.Bouj
NOD32 probably unknown NewHeur_PE (probable variant)
Norman Virus Control Sandbox: W32/Malware; [ General information ]
* File length: 40960 bytes.
[ Changes to registry ]
* Creates value "Anti-Virus Update Scheduler V1.39.12R"="c:\sample.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
[ Security issues ]
* Possible backdoor functionality [UNKNOWN] port 490.
[ Process/window information ]
* Will automatically restart after boot (I'll be back...).
C:\m1.exe
Service load: 0% 100%
File: Syste.exe
Status: INFECTED/MALWARE
Packers detected: -
AntiVir No viruses found
Avast No viruses found
AVG Antivirus No viruses found
BitDefender BehavesLike:Win32.Backdoor (probable variant)
ClamAV No viruses found
Dr.Web No viruses found
F-Prot Antivirus No viruses found
Fortinet No viruses found
Kaspersky Anti-Virus No viruses found
mks_vir Trojan.Downloader.Bouj
NOD32 probably unknown NewHeur_PE (probable variant)
Norman Virus Control Sandbox: W32/Malware; [ General information ]
* File length: 40960 bytes.
[ Changes to registry ]
* Creates value "Anti-Virus Update Scheduler V1.39.12R"="c:\sample.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
[ Security issues ]
* Possible backdoor functionality [UNKNOWN] port 490.
[ Process/window information ]
* Will automatically restart after boot (I'll be back...).
C:\WINNT\vsrqft.exe
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
Post a new HijackThis log as well.
.
.
- Anonyymi
Ad-Aware wrote:
Post a new HijackThis log as well.
.
.
Logfile of HijackThis v1.99.1
Scan saved at 15:13:03, on 27.3.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NPFSVICE.EXE
C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\ZANDA.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Starcraft\norton\Smart Protector Pro\SmartProtector-Pro.exe
C:\Program Files\cwshredder\WinZip\WZQKPICK.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Starcraft\norton\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINNT\system32\shdocpe.dll/asst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\shdocpe.dll/asst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.jippii.fi"); (C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Profiles\default\s4v0889l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C:\Program Files\Netscape\Netscape\searchplugins\SBWeb_01.src"); (C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Profiles\default\s4v0889l.slt\prefs.js)
O1 - Hosts: 64.24.234.120 swirve.com # Added by Utopia Angel
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\elitenur32.exe
O4 - HKLM\..\Run: [69urA] C:\WINNT\vsrqft.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\Syste.exe
O4 - HKLM\..\Run: [REGRUN] C:\m1.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINNT\system32\finland.exe -N
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Starcraft\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Starcraft\norton\Smart Protector Pro\SmartProtector-Pro.exe" /stealt
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\cwshredder\WinZip\WZQKPICK.EXE
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NVCSCHED.EXE Anonyymi kirjoitti:
Logfile of HijackThis v1.99.1
Scan saved at 15:13:03, on 27.3.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NPFSVICE.EXE
C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\ZANDA.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Starcraft\norton\Smart Protector Pro\SmartProtector-Pro.exe
C:\Program Files\cwshredder\WinZip\WZQKPICK.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Starcraft\norton\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINNT\system32\shdocpe.dll/asst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\shdocpe.dll/asst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.jippii.fi"); (C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Profiles\default\s4v0889l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C:\Program Files\Netscape\Netscape\searchplugins\SBWeb_01.src"); (C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Profiles\default\s4v0889l.slt\prefs.js)
O1 - Hosts: 64.24.234.120 swirve.com # Added by Utopia Angel
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\elitenur32.exe
O4 - HKLM\..\Run: [69urA] C:\WINNT\vsrqft.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\Syste.exe
O4 - HKLM\..\Run: [REGRUN] C:\m1.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINNT\system32\finland.exe -N
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Starcraft\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Starcraft\norton\Smart Protector Pro\SmartProtector-Pro.exe" /stealt
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\cwshredder\WinZip\WZQKPICK.EXE
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NVCSCHED.EXE

Hi
Remove the following via Add/Remove Programs in the Control Panel, if they are still there.
ISTbar
ISTsvc
Make hidden files visible.. instructions here
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
Make sure your hidden-file settings match the picture.
http://koti.mbnet.fi/pattaya1/kuvat/piilo.jpg
So no check mark on
- Hide protected operating system files (Recommended)
- Hide file extensions for known file types
When you remove the check mark, the following prompt appears... answer Yes to it.
http://koti.mbnet.fi/pattaya1/kuvat/piilo1.jpg
The check mark goes on
- Show hidden files and folders
Then run a new scan with HijackThis and remove the following lines if they are still there. Close the browser and other windows before fixing. So also close this window you are reading now before you press Fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\shdocpe.dll/asst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINNT\system32\shdocpe.dll/asst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\shdocpe.dll/asst.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINNT\system32\shdocpe.dll/asst.html
O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\elitenur32.exe
O4 - HKLM\..\Run: [69urA] C:\WINNT\vsrqft.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\Syste.exe
O4 - HKLM\..\Run: [REGRUN] C:\m1.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINNT\system32\finland.exe -N
O4 - HKCU\..\Run: [Windows Compliant] winole.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
Then also fix this one if you don't know anything about it
O1 - Hosts: 64.24.234.120 swirve.com # Added by Utopia Angel
Shut down the computer. Start it in SAFE MODE.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
Find and DELETE the following folders and files if they are still there
C:\Program Files\ISTsvc

- Juu
I've run into that variant 2 times before
O4 - HKLM\..\Run: [etbrun]
and the pop-ups didn't stop until I ran this
http://www.simplytech.it/ETRemover/

Juu wrote:
I've run into that variant 2 times before
O4 - HKLM\..\Run: [etbrun]
and the pop-ups didn't stop until I ran this
http://www.simplytech.it/ETRemover/

Thanks for the info :)
I did see that new update, but I haven't tried it anywhere yet.
Let's first see what those scanners find and what is still left in the HijackThis log.
You can then carry on with the cleanup if you like. :)

- Juu
> You can then carry on with the cleanup if you like. :) <
Nah.. you just go ahead.

- Anonyymi
Here are the scan results:
the first scanner found:
pwt351.exe
elitefyb32.exe
elitevdm.exe
wingasys.exe
protector_update[1].exe
installer.exe
the scanner at least claimed to have fixed those..
results of the next scanner:
File C:\WINNT\70tovmto.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\WINNT\a95kfrhe.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\WINNT\system32\TFTP1128 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot\Sari\SmileyCentralPFSetup2.0.2.7-2.exe tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot\Sari\youandme.pif infected by "Backdoor.Win32.Wootbot.ax" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot\Sonja\SmileyCentralPFSetup2.0.3.8-2.exe tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\lc.exe tagged as not-a-virus:AdWare.WinAD.ab. No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\518247D5-5B14-45D8-97B7-A36EE7\4112EF95-1F6F-40D4-9007-69F12D infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\5DE67916-3506-4810-A89E-7F725B\F2E6EBE6-66E7-4A2C-97E9-BAFE1F tagged as not-a-virus:AdWare.WinAD.af. No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\77E8C82B-AF08-463C-9DC5-609131\76774656-9EA5-470C-86FE-3E215B infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: File Deleted.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\77E8C82B-AF08-463C-9DC5-609131\ACBB174F-E3C3-4405-8EA4-2E6BA5 infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\829500A0-1A85-4892-9814-8FF8EE\44B48CF0-1B7E-45BB-AD99-FF9700 tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\9978A5E1-3AEB-4AFE-9542-401784\B3C6A8E7-1FE8-4F7C-96E6-EA90F3 infected by "Backdoor.Win32.Wootbot.ax" Virus. Action Taken: File Renamed.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\E9984CDB-1186-49D6-AAE2-A16D90\2DD0588B-1088-4886-BCA3-626996 tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\EA55235A-B33D-4003-99C7-5D3F73\C81E7DB8-89CB-44AD-860A-2DB4B9 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\slc.exe infected by "Trojan-Clicker.Win32.Delf.ah" Virus. Action Taken: File Deleted.
File C:\WINNT\70tovmto.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\WINNT\a95kfrhe.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\WINNT\EliteSideBar\EliteSideBar 08.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.
File C:\WINNT\EliteToolBar\EliteToolBar version 60.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.af. No Action Taken.
File C:\WINNT\Temp\fidcnkL.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\WINNT\Temp\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.

- Anonyymi
and here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 23:06:31, on 27.3.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NPFSVICE.EXE
C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\ZANDA.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\Nvc\BIN\ZLH.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Starcraft\norton\Smart Protector Pro\SmartProtector-Pro.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\cwshredder\WinZip\WZQKPICK.EXE
C:\Program Files\Starcraft\norton\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.jippii.fi"); (C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Profiles\default\s4v0889l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C:\Program Files\Netscape\Netscape\searchplugins\SBWeb_01.src"); (C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Profiles\default\s4v0889l.slt\prefs.js)
O1 - Hosts: 64.24.234.120 swirve.com # Added by Utopia Angel
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINNT\system32\finland.exe -N
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Starcraft\norton\Smart Protector Pro\SmartProtector-Pro.exe" /stealt
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\cwshredder\WinZip\WZQKPICK.EXE
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NVCSCHED.EXE

Anonyymi wrote:
and here is the HijackThis log:
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\DOCUMENTS AND SETTINGS\JÄRJESTELMÄNVALVOJA\OMAT TIEDOSTOT\SONJA\nvc\BIN\NVCSCHED.EXE
Also do as instructed at these links.
http://koti.mbnet.fi/pattaya1/tarkista_ohjelmat.htm
http://koti.mbnet.fi/pattaya1/tarkista_kansiot.htm
.
.
- Anonyymi
Ad-Aware wrote:
Also do as instructed at these links.
http://koti.mbnet.fi/pattaya1/tarkista_ohjelmat.htm
http://koti.mbnet.fi/pattaya1/tarkista_kansiot.htm
.
.
results of the first link:
---------- UNINSTALLPROGRAMLIST
"DisplayName"=""
"DisplayName"="ShopAtHomeSelect Cash Back"
"DisplayName"="ShopAtHomeSelect Cash Back"
"DisplayName"="Ad-aware 6 Personal"
"DisplayName"="Heroes of Might and Magic"
"DisplayName"="HijackThis 1.99.1"
"Displayname"="HP DeskJet 720C -sarja (Vain poisto)"
"DisplayName"="SlotchBar"
"DisplayName"="Windows 2000 Hotfix - KB329115"
"DisplayName"="Windows 2000 Hotfix - KB823182"
"DisplayName"="Windows 2000 Hotfix - KB823559"
"DisplayName"="Windows 2000 Hotfix - KB824105"
"DisplayName"="Windows 2000 Hotfix - KB825119"
"DisplayName"="Windows 2000 Hotfix - KB826232"
"DisplayName"="Windows 2000 Hotfix - KB828035"
"DisplayName"="Windows 2000 Hotfix - KB828741"
"DisplayName"="Windows 2000 Hotfix - KB828749"
"DisplayName"="Windows 2000 Hotfix KB834707"
"DisplayName"="Windows 2000 Hotfix - KB835732"
"DisplayName"="Windows 2000 Hotfix - KB837001"
"DisplayName"="Windows 2000 Hotfix - KB839643"
"DisplayName"="Windows 2000 Hotfix - KB839645"
"DisplayName"="Windows 2000 Hotfix - KB840315"
"DisplayName"="Windows 2000 Hotfix - KB840987"
"DisplayName"="Windows 2000 Hotfix - KB841356"
"DisplayName"="Windows 2000 Hotfix - KB841533"
"DisplayName"="Windows 2000 Hotfix - KB841872"
"DisplayName"="Windows 2000 Hotfix - KB841873"
"DisplayName"="Windows 2000 Hotfix - KB842526"
"DisplayName"="Windows 2000 Hotfix - KB867282"
"DisplayName"="Microsoft Data Access Components KB870669"
"DisplayName"="Windows 2000 Hotfix - KB871250"
"DisplayName"="Windows 2000 Hotfix - KB873333"
"DisplayName"="Windows 2000 Hotfix - KB873339"
"DisplayName"="Windows 2000 Hotfix - KB885250"
"DisplayName"="Windows 2000 Hotfix - KB885835"
"DisplayName"="Windows 2000 Hotfix - KB885836"
"DisplayName"="Windows 2000 Hotfix - KB888113"
"DisplayName"="Windows 2000 Hotfix - KB889293"
"DisplayName"="Windows 2000 Hotfix - KB890047"
"DisplayName"="Windows 2000 Hotfix - KB890175"
"DisplayName"="Windows 2000 Hotfix - KB891711"
"DisplayName"="Windows 2000 Hotfix - KB891781"
"DisplayName"="Macromedia Shockwave Player"
"DisplayName"="Mozilla Firefox (1.0)"
"DisplayName"="MPEG Audio Collection 2.50"
"DisplayName"="My Search Bar"
"DisplayName"="Net2Phone"
"DisplayName"="Netscape (7.0)"
"DisplayName"="Outlook Express Q823353"
"DisplayName"="Windows Media Player Hotfix -päivitys [lisätietoja on artikkelissa Q828026]"
"DisplayName"="Skype 1.0"
"DisplayName"="Smart Protector Pro"
"DisplayName"="Spybot - Search & Destroy 1.3"
"DisplayName"="SpySubtract"
"DisplayName"="Starcraft"
"DisplayName"="Microsoft VGX Q833989"
"DisplayName"="Viewpoint Media Player (Remove Only)"
"DisplayName"="Winamp (remove only)"
"DisplayName"="Windows 2000 Service Pack 4"
"DisplayName"="WinMX"
"DisplayName"="WinZip"
"DisplayName"="Yahoo! Anti-Spy"
"DisplayName"="Yahoo! Toolbar"
"DisplayName"="Microsoft Office 2000 Premium"
"DisplayName"="Microsoft AntiSpyware"
"DisplayName"="WebFldrs"
"DisplayName"="NIC 5.50"
"DisplayName"="F-Prot for Windows"
"DisplayName"="MSN Messenger 7.0"
results of the second link:
■■■ 通常ファイル ■■■
Asemalla C ei ole nimeä.
Aseman sarjanumero on 682E-CD43
Kansio c:\Program Files
27.03.2005 01:45 .
27.03.2005 01:45 ..
17.10.2004 21:02 2 636 408 aawsepersonal.exe
18.05.2003 21:00 Accessories
27.03.2005 17:54 Adware
20.11.2004 17:08 2 826 240 Angel.exe
16.12.2004 01:53 1 139 204 angel162.exe
24.03.2005 15:28 Common Files
18.05.2003 20:03 ComPlus Applications
04.02.2005 10:51 cwshredder
10.11.2004 11:35 DATA
25.11.1996 16:13 286 FILE_ID.DIZ
15.09.2004 19:47 FSI
10.11.2004 11:32 GAMES
10.11.2004 11:32 HELP
02.10.2004 18:03 4 485 121 hopeanuoli.mp3
24.11.2003 20:07 HP DeskJet 720C Series v10.3
04.02.2005 10:48 InterMute
04.02.2005 10:37 Internet Explorer
28.02.2005 14:31 Jasc Software Inc
13.09.2004 14:41 Laajakaistayhteyden asennus
07.09.2004 12:14 Lavasoft
22.11.1996 09:26 1 196 license.txt
10.11.2004 11:32 MAPS
25.03.2005 08:36 Media Access
25.03.2005 08:38 Media Pass
14.09.2004 18:16 Messenger
27.03.2005 23:12 Microsoft AntiSpyware
18.05.2003 20:14 microsoft frontpage
18.05.2003 20:58 Microsoft Office
18.05.2003 21:01 Microsoft Visual Studio
15.01.2004 18:54 ModemISDN FI
19.09.2004 15:37 MPEG Audio Collection
30.12.2004 16:45 MSN Messenger
25.09.1996 11:31 141 312 MSS32.DLL
08.09.2004 18:14 Net2Phone
20.09.2004 22:50 NetMeeting
08.09.2004 18:12 Netscape
08.09.2004 18:14 Netword
20.09.2004 22:39 Outlook Express
29.05.2004 02:01 6 314 README.TXT
02.01.2005 19:56 Skype
15.09.1996 18:11 66 560 SMACKW32.DLL
27.03.2005 23:14 Starcraft
05.03.2005 17:38 Update
14.01.2005 14:07 Uusi kansio
08.09.2004 18:14 Viewpoint
27.10.2004 05:42 4 565 928 winamp505_full22.exe
07.09.2004 12:36 Windows Media Player
07.09.2004 12:42 Windows NT
14.02.2005 04:32 WinMX
04.02.2005 02:00 WinZip
10.11.2004 11:30 2 421 920 winzip90.exe
03.02.2005 23:47 Yahoo!
13.03.2005 02:20 zangel
11 tiedosto(a) 18 290 489 tavua
44 kansio(ta) 35 549 184 tavua vapaana
■■■ システムファイル ■■■
Asemalla C ei ole nimeä.
Aseman sarjanumero on 682E-CD43
Kansio c:\Program Files
■■■ 隠しファイル ■■■
Asemalla C ei ole nimeä.
Aseman sarjanumero on 682E-CD43
Kansio c:\Program Files
18.05.2003 20:05 271 desktop.ini
18.05.2003 20:05 22 046 folder.htt
02.01.2005 19:36 InstallShield Installation Information
20.09.2004 22:39 Uninstall Information
27.03.2005 22:01 WindowsUpdate
2 tiedosto(a) 22 317 tavua
3 kansio(ta) 35 549 184 tavua vapaana
Hi
Boot the computer in SAFE MODE.
Keep hidden files visible.
Then run a new scan with HijackThis and remove the following line if it is still found. Close the browser and other windows before FIXing.
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINNT\system32\finland.exe -N
Still in safe mode, REMOVE the following through Add/Remove Programs in the Control Panel
ShopAtHomeSelect Cash Back
ShopAtHomeSelect Cash Back
Ad-Aware wrote:
Hi
Boot the computer in SAFE MODE.
Keep hidden files visible.
Then run a new scan with HijackThis and remove the following line if it is still found. Close the browser and other windows before FIXing.
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINNT\system32\finland.exe -N
Still in safe mode, REMOVE the following through Add/Remove Programs in the Control Panel
ShopAtHomeSelect Cash Back
ShopAtHomeSelect Cash Back
one more thing
Also remove
Ad-aware 6 Personal
from Add/Remove Programs there.
Then get the new Ad-Aware SE, for example from here
http://koti.mbnet.fi/pattaya1/adaware.htm
Read the instructions. Download and install it. Remember to update it, and then scan with it and remove the "nasties" it finds.
.
.
- Anonyymi
Ad-Aware wrote:
Hi
Boot the computer in SAFE MODE.
Keep hidden files visible.
Then run a new scan with HijackThis and remove the following line if it is still found. Close the browser and other windows before FIXing.
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINNT\system32\finland.exe -N
Still in safe mode, REMOVE the following through Add/Remove Programs in the Control Panel
ShopAtHomeSelect Cash Back
ShopAtHomeSelect Cash Back
"Still in safe mode, REMOVE the following through Add/Remove Programs in the Control Panel
ShopAtHomeSelect Cash Back
ShopAtHomeSelect Cash Back
Anonyymi wrote:
"Still in safe mode, REMOVE the following through Add/Remove Programs in the Control Panel
ShopAtHomeSelect Cash Back
ShopAtHomeSelect Cash Back
The log looks clean :)
You did have the hidden-file settings set as in the picture, right?
http://koti.mbnet.fi/pattaya1/kuvat/piilo.jpg
So no check mark at
-Hide protected operating system files (Recommended)
-Hide file extensions for known file types
Check mark at
-Show hidden files and folders
because those files should be on the computer, since eScan found them.
As far as I remember, the option
-Hide protected operating system files (Recommended)
from which you remove the check mark
makes them visible, at least for these two
C:\WINNT\70tovmto.exe
C:\WINNT\a95kfrhe.exe
It would be quite a MIRACLE, you see, if they had gone away by themselves when you removed those
ShopAtHomeSelect Cash Backs :))
But as I said, the log is clean, and I take it no new problems have appeared?
.
.
- Anonyymi
Ad-Aware wrote:
The log looks clean :)
You did have the hidden-file settings set as in the picture, right?
http://koti.mbnet.fi/pattaya1/kuvat/piilo.jpg
So no check mark at
-Hide protected operating system files (Recommended)
-Hide file extensions for known file types
Check mark at
-Show hidden files and folders
because those files should be on the computer, since eScan found them.
As far as I remember, the option
-Hide protected operating system files (Recommended)
from which you remove the check mark
makes them visible, at least for these two
C:\WINNT\70tovmto.exe
C:\WINNT\a95kfrhe.exe
It would be quite a MIRACLE, you see, if they had gone away by themselves when you removed those
ShopAtHomeSelect Cash Backs :))
But as I said, the log is clean, and I take it no new problems have appeared?
.
.
I guess those 2 files got deleted at some point, one way or another :)
thank you very much for the help, now I didn't have to witness the sight of a random porn site popping open in my mom's face :D