Would an HJT log help? - machine completely on its knees
tuomaskb
Newbie
27 February 2006 @ 09:52
Greetings,

I don't understand the program in question at all, so it's best to turn to the experts. I've used up my own options: I've run antivirus, spyware scans etc., but the machine seems to be completely stuck. Among the running processes there is, for example, win75.tmp.exe - what could that be?

All help is gratefully received.

Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 14:38:11, on 27.2.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Sun\jstudio_ent8\CollabRuntime\bin\xmppd-jse8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WScript.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\IP VPN Remote Services\AutoExt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\Firetray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINNT\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\TEMP\win75.tmp.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\TBackman\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CPS Color ICT
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.4.50:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Extranet AutoDial] C:\Program Files\IP VPN Remote Services\AutoExt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\Firetray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\WINNT\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://intranet
O15 - Trusted Zone: http://srw3fi1001.emea.cps.color
O15 - Trusted Zone: http://www.genesys.com
O15 - Trusted Zone: http://srw3fi1001.emea.cps.color (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FB5FBB7F-92B4-11D3-8332-00C04F8B209E} (Genesys Webtour Control) - https://content101.mc.iconf.net/gcc_installer/webtour/astbrowserquery.cab
O16 - DPF: {FBE37597-190E-4A06-978F-E39037999049} (Genesys Component Installer) - http://content101.mc.iconf.net/gcc_installer/gmcinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cps.color
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cps.color
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cps.color
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: wincqu32 - C:\WINNT\SYSTEM32\wincqu32.dll
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\IP VPN Remote Services\Extranet_serv.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\wltrysvc.exe (file missing)
O23 - Service: Collaboration Runtime (xmppd-jse8) - Unknown owner - C:\Program Files\Sun\jstudio_ent8\CollabRuntime\bin\xmppd-jse8.exe
AfterDawn Addict
27 February 2006 @ 10:06
It's a pest.

Move HjT into its own folder -> C:\hjt

Fix (do a system scan only, tick the entry and press fix checked):

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000

Did you set these yourself? If not, fix them too.

O15 - Trusted Zone: http://srw3fi1001.emea.cps.color
O15 - Trusted Zone: http://www.genesys.com
O15 - Trusted Zone: http://srw3fi1001.emea.cps.color (HKLM)


Empty this directory (i.e. remove all the files, not the directory itself):

C:\WINNT\TEMP

Get ewido, install and update it according to the instructions -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

Scan, let it remove what it finds and save the report.

Post the ewido report and a new HjT log.

This message has been edited since it was posted. Last edited 27 February 2006 @ 10:07
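One way to triage a HijackThis log like the one in the first post, as an added example that is not part of the thread or of HijackThis itself: it splits the log into running processes and numbered entries, then flags processes started from a Temp directory. The function names and the short log excerpt are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines excerpted from the log in the first post.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:38:11, on 27.2.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\TEMP\win75.tmp.exe
C:\Documents and Settings\TBackman\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O15 - Trusted Zone: http://www.genesys.com
"""

# Section code ("R0", "O4", "O15", ...) followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A path component named Temp or Tmp, in any letter case.
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse_hjt_log(text):
    """Return (running_processes, entries_by_section_code) for one log."""
    processes = []
    entries = defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The first numbered entry ends the process list.
            in_processes = False
            entries[match.group(1)].append(match.group(2))
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)


def processes_in_temp(processes):
    """Processes whose image path sits under a Temp/Tmp directory."""
    return [p for p in processes if TEMP_DIR_RE.search(p)]


if __name__ == "__main__":
    procs, entries = parse_hjt_log(SAMPLE_LOG)
    for path in processes_in_temp(procs):
        print("runs from a Temp directory:", path)
    # The entries the reply asks about can be pulled out by section code.
    for code in ("O8", "O15"):
        for entry in entries.get(code, []):
            print(code, "-", entry)
```

HijackThis.exe is flagged as well because in the first log it was started from the user's Temp folder; a flag is a prompt to look at the file, not a verdict.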

tuomaskb
Newbie
27 February 2006 @ 12:00
Hi

It took a while, since that machine isn't exactly running at full power.

The first problem is emptying the Temp directory. A considerable number of files remain there that Windows refuses to delete because the files are in use by another program. The remaining files/directories are:

..TEMP\hsperfdata_SYSTEM\1204 file
..TEMP\win(xxx).tmp or win(xxx).tmp.exe files

Should these be removed with some other program?

I removed the O8 entry with hjt; I left the O15 entries since they are my own things.

I ran ewido. The result is the report below.

[220] C:\WINNT\system32\wincqu32.dll -> Hijacker.Small.kb : Cleaned with backup
[1500] C:\WINNT\TEMP\win75.tmp.exe -> Trojan.Dialer.u : Cleaned with backup
:mozilla.23:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.24:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.25:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.26:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.27:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.28:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.29:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.38:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.41:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.58:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.60:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.93:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.94:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.99:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Abcsearch : Cleaned with backup
:mozilla.100:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Abcsearch : Cleaned with backup
:mozilla.112:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.113:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.118:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.122:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.123:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.131:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.132:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.154:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.157:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.158:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.159:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.163:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.164:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.197:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.275:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.282:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.283:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.284:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.292:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.321:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.323:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.324:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.325:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.326:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.327:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.328:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.329:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.341:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.342:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.343:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.344:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.383:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.386:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.387:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.388:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.417:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.446:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.448:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.449:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.476:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.477:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.478:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.479:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.480:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.553:C:\Documents and Settings\TBackman\Application Data\Mozilla\Firefox\Profiles\vj35x80c.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\TBackman\Cookies\tbackman@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\TBackman\Local Settings\Temp\ddl4B5.tmp.exe -> Dialer.Agent.z : Cleaned with backup
C:\Documents and Settings\TBackman\Local Settings\Temporary Internet Files\Content.IE5\HFZB5T4E\srvlbin4[1].exe -> Trojan.Dialer.u : Cleaned with backup
C:\Documents and Settings\TBackman\Local Settings\Temporary Internet Files\Content.IE5\Q2ZJTGV3\rdgUS2405[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINNT\system32\wincqu32.dll -> Hijacker.Small.kb : Cleaned with backup
C:\WINNT\Temp\win75.tmp.exe -> Trojan.Dialer.u : Cleaned with backup

After that I ran hjt again; the report from that follows:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Sun\jstudio_ent8\CollabRuntime\bin\xmppd-jse8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WScript.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\IP VPN Remote Services\AutoExt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\Firetray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINNT\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\TEMP\win3A5.tmp.exe
C:\WINNT\TEMP\win3A5.tmp.exe
C:\WINNT\TEMP\win505.tmp.exe
C:\WINNT\TEMP\win3A5.tmp.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CPS Color ICT
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.4.50:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Extranet AutoDial] C:\Program Files\IP VPN Remote Services\AutoExt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\Firetray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\WINNT\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://intranet
O15 - Trusted Zone: http://srw3fi1001.emea.cps.color
O15 - Trusted Zone: http://www.genesys.com
O15 - Trusted Zone: http://srw3fi1001.emea.cps.color (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FB5FBB7F-92B4-11D3-8332-00C04F8B209E} (Genesys Webtour Control) - https://content101.mc.iconf.net/gcc_installer/webtour/astbrowserquery.cab
O16 - DPF: {FBE37597-190E-4A06-978F-E39037999049} (Genesys Component Installer) - http://content101.mc.iconf.net/gcc_installer/gmcinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cps.color
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cps.color
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cps.color
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: wincqu32 - wincqu32.dll (file missing)
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\IP VPN Remote Services\Extranet_serv.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\wltrysvc.exe (file missing)
O23 - Service: Collaboration Runtime (xmppd-jse8) - Unknown owner - C:\Program Files\Sun\jstudio_ent8\CollabRuntime\bin\xmppd-jse8.exe
AfterDawn Addict
27 February 2006 @ 12:08
Let's do this:

Fix this line with HjT:

O20 - Winlogon Notify: wincqu32 - wincqu32.dll (file missing)

Then boot the computer into safe mode.

That is, start the computer and keep tapping F8 until a menu appears, then choose safe mode from that menu.

Now try to empty this directory:

C:\WINNT\TEMP

Restart normally and post a new HjT log.
If that doesn't work, we'll have to come up with something else.
tuomaskb
Newbie
28 February 2006 @ 03:07
Hi

Deleting the files succeeded in safe mode.

Attached is the new HJT. Hopefully the bug has now been removed.

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Sun\jstudio_ent8\CollabRuntime\bin\xmppd-jse8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\IP VPN Remote Services\AutoExt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\Firetray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINNT\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CPS Color ICT
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.4.50:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Extranet AutoDial] C:\Program Files\IP VPN Remote Services\AutoExt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\Firetray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\WINNT\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://intranet
O15 - Trusted Zone: http://srw3fi1001.emea.cps.color
O15 - Trusted Zone: http://www.genesys.com
O15 - Trusted Zone: http://srw3fi1001.emea.cps.color (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FB5FBB7F-92B4-11D3-8332-00C04F8B209E} (Genesys Webtour Control) - https://content101.mc.iconf.net/gcc_installer/webtour/astbrowserquery.cab
O16 - DPF: {FBE37597-190E-4A06-978F-E39037999049} (Genesys Component Installer) - http://content101.mc.iconf.net/gcc_installer/gmcinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cps.color
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cps.color
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cps.color
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\IP VPN Remote Services\Extranet_serv.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\wltrysvc.exe (file missing)
O23 - Service: Collaboration Runtime (xmppd-jse8) - Unknown owner - C:\Program Files\Sun\jstudio_ent8\CollabRuntime\bin\xmppd-jse8.exe
AfterDawn Addict
28 February 2006 @ 03:24
It looks that way, since those tmp.exe entries disappeared from the running processes section :) The log is clean. Are there still any problems?
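The before/after comparison made in the reply above, as an added example that is not part of the original thread: a small Python triage script that flags executables running out of a TEMP directory and Winlogon Notify entries whose DLL is missing, then reports which of them are gone in the second log. The function names are hypothetical and the two log excerpts are shortened from the logs posted in this thread.

```python
import re

# Shortened excerpts of the two HijackThis logs posted in this thread.
BEFORE = r"""Running processes:
C:\WINNT\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\TEMP\win3A5.tmp.exe
C:\WINNT\TEMP\win3A5.tmp.exe
C:\WINNT\TEMP\win505.tmp.exe
C:\hjt\HijackThis.exe

O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: wincqu32 - wincqu32.dll (file missing)
"""
AFTER = r"""Running processes:
C:\WINNT\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\hjt\HijackThis.exe

O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
"""

# Entry lines look like "O20 - ..." or "R1 - ..."; process lines are bare paths.
ENTRY = re.compile(r"^([RFN]\d|O\d{1,2}) - (.*)$")

def parse(log):
    """Split a HijackThis log into (process paths, [(section, text), ...])."""
    processes, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def temp_processes(processes):
    """Executables running from a TEMP/TMP directory, de-duplicated in order."""
    hits = []
    for path in processes:
        folders = [part.lower() for part in path.split("\\")[:-1]]
        if ("temp" in folders or "tmp" in folders) and path not in hits:
            hits.append(path)
    return hits

def orphaned_winlogon_notify(entries):
    """O20 entries whose DLL is missing (the only entry type fixed in the thread)."""
    return [text for section, text in entries
            if section == "O20" and text.endswith("(file missing)")]

def compare(before_log, after_log):
    """Report which flagged items of the first log are absent from the second."""
    procs_b, entries_b = parse(before_log)
    procs_a, entries_a = parse(after_log)
    flagged = temp_processes(procs_b) + orphaned_winlogon_notify(entries_b)
    remaining = temp_processes(procs_a) + orphaned_winlogon_notify(entries_a)
    # Absence here only means "not running / not registered at scan time".
    return {"flagged": flagged, "remaining": remaining,
            "resolved": [item for item in flagged if item not in remaining]}

if __name__ == "__main__":
    for key, items in compare(BEFORE, AFTER).items():
        print(key + ":")
        for item in items:
            print("  " + item)
```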
tuomaskb
Newbie
28 February 2006 @ 04:41
Hi

Everything seems to be working normally now.

THANK YOU FOR YOUR HELP!!!!

Regards, Tuomas
AfterDawn Addict
28 February 2006 @ 04:51
You're welcome :)