Task Manager is missing!

gebardi
Junior Member
17 April 2006 @ 06:25
As a result of a virus attack, Task Manager disappeared; it says that the administrator has disabled it. How do I get it back?
The desktop wallpaper can't be changed either: it is a black image with the text (Your computer is danger! Windows Security Center has detected spyware/adware infection! It is strongly recommanted to use special antispyware tools to prevent data loss.) and the selection list is greyed out! I couldn't find that image on the machine so that I could delete it, or does the virus write it?
An external firewall and F-Secure Anti-Virus 2006 are in use, yet they apparently can't stop viruses from nesting on the machine.
P.S. The antivirus was the 2004 version when the orcs attacked; 2006 was installed right after the attack.
Thanks and a bow for any good tips.
www.dpk.fi
This message has been edited since posting. Last edit 19 April 2006 @ 09:45

Senior Member
17 April 2006 @ 06:34

gebardi
Junior Member
17 April 2006 @ 07:47
Scanned with Bazooka, is this of any help: {EF99BD32-C1FB-11D2-892F-0090271D4F88} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32
System error message: Määritettyä tiedostoa ei löydy.
www.dpk.fi

Senior Member
17 April 2006 @ 08:09
That key is OK. The file is probably just missing. Just post a HijackThis log, that will tell us more :)

gebardi
Junior Member
18 April 2006 @ 09:49
I tried Ad-Aware first; can the items reported in the Scan Summary be safely removed? I would have posted a picture, but only a linked image can be added here.
www.dpk.fi
This message has been edited since posting. Last edit 18 April 2006 @ 10:24

gebardi
Junior Member
18 April 2006 @ 10:22
I took the risk and deleted the "red-headed" files reported by Ad-Aware. Yippee... the desktop wallpaper can be changed again, so some orcs were left on the drive. If only Task Manager worked too. Are there clear Finnish instructions for Ad-Aware? The program mentioned at the start is probably good, but some threads warn about using it so much that an ordinary Joe hardly dares to touch it. I have some old wrecks of computers lying around; I'd be interested in putting one on the network and letting it collect viruses without protection, which I would then learn to remove. Does anyone have experience with that?
www.dpk.fi
This message has been edited since posting. Last edit 18 April 2006 @ 10:30

AfterDawn Addict
18 April 2006 @ 11:31
Just post the HjT log; people here will tell you what to do next :)

gebardi
Junior Member
19 April 2006 @ 07:20
Here it comes, hopefully nothing personal in it! What do the O16 lines mean?
-------
Logfile of HijackThis v1.99.1
Scan saved at 11:34:28, on 19.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\saa-poistaa\poista.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\fsguidll.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis_v1.99.1.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\GoLive CS_ENG\GoLive.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebHlprObj Class - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\Reijo\Omat tiedostot\WH5_1854003.dll (file missing)
O2 - BHO: IEFriendly Class - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\Program Files\Httper\httper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Zipclix - {319A68DB-06D0-46DA-9F93-A810D5A70836} - C:\Program Files\Zipclix\zipclix.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /noconnect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\winlogon.exe
O4 - HKLM\..\Run: [WOOZ] C:\WINDOWS\system32\sxe49F.tmp
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20001\socks.exe
O4 - HKLM\..\Run: [Win32 FTP Update] C:\WINDOWS\system32\win32ftpupdate.exe
O4 - HKLM\..\Run: [windows] c:\temp\svchost.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Anti-Virus\FSGUI\ispnews.exe"
O4 - HKLM\..\RunServices: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ChkMail] èn>
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\saa-poistaa\poista.exe min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Reijo\LOCALS~1\Temp\49A.tmp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.sci.fi/%7Ephoto/mallit/ThumbnailFrame.html
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentral...
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauthmirror/internetwasherpro.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_E...
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fi/games14.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcamera.vaasa.fi/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BD092CD7-AA66-4FF6-8CE1-D4E01489ED2B} (VacPro.UserControl1) - http://www.7adpower.com/dialer/EMSAT.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: 2006reg - C:\Documents and Settings\All Users\Tiedostot\Settings\2006.dll (file missing)
O20 - Winlogon Notify: 3246762198745124975reg - C:\Documents and Settings\All Users\Tiedostot\Settings\3246762198745124975.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\chkioleh.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure 2006 (BackWeb Client - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
------------------
This message has been edited since posting. Last edit 21 April 2006 @ 21:10

AfterDawn Addict
19 April 2006 @ 07:40
Your machine is absolutely full of orcs :(
The O16 lines are ActiveX components, most of which are bad
Uninstall via Add/Remove Programs (Control Panel), if present:
ISTsvc
ZipFlix
Httper
Fix with HjT (do a system scan only, check these lines and press fix checked):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
O2 - BHO: WebHlprObj Class - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:
O2 - BHO: IEFriendly Class - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\Program Files\Httper\httper.dll (file missing)
O3 - Toolbar: Zipclix - {319A68DB-06D0-46DA-9F93-A810D5A70836} - C:\Program Files\Zipclix\zipclix.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /noconnect
O4 - HKLM\..\Run: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\winlogon.exe
O4 - HKLM\..\Run: [WOOZ] C:\WINDOWS\system32\sxe49F.tmp
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20001\socks.exe
O4 - HKLM\..\Run: [Win32 FTP Update] C:\WINDOWS\system32\win32ftpupdate.exe
O4 - HKLM\..\Run: [windows] c:\temp\svchost.exe
O4 - HKLM\..\RunServices: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Reijo\LOCALS~1\Temp\49A.tmp
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentral...
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauthmirror/internetwasherpro.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_E...
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fi/games14.cab
O16 - DPF: {BD092CD7-AA66-4FF6-8CE1-D4E01489ED2B} (VacPro.UserControl1) - http://www.7adpower.com/dialer/EMSAT.CAB
O20 - Winlogon Notify: 2006reg - C:\Documents and Settings\All Users\Tiedostot\Settings\2006.dll (file missing)
O20 - Winlogon Notify: 3246762198745124975reg - C:\Documents and Settings\All Users\Tiedostot\Settings\3246762198745124975.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\chkioleh.dll (file missing)
Download, install and update ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186
Do not scan yet.
Boot into Safe Mode (F8 during startup)
Delete, if found:
C:\Program Files\Httper
C:\Program Files\Zipclix
C:\Program Files\ISTsvc
c:\windows\system32\mscnt.exe
C:\WINDOWS\system32\netfilt4.exe
C:\WINDOWS\inet20001
C:\WINDOWS\system32\sxe49F.tmp
C:\WINDOWS\system32\win32ftpupdate.exe
c:\temp\svchost.exe
C:\Windows\xpupdate.exe
C:\DOCUME~1\Reijo\LOCALS~1\Temp\49A.tmp
C:\Documents and Settings\All Users\Tiedostot\Settings\2006.dll
C:\WINDOWS\system32\chkioleh.dll
Scan with ewido, let it remove what it finds and save the report.
Reboot, then post a new HjT log and the ewido report.
EDIT: And about that Task Manager thing:
Save this to the desktop (right-click -> Save As) -> http://www.kellys-korner-xp.com/regs_edits/taskmanager.reg Double-click it, press Yes and OK. Reboot. Does Task Manager work now?
This message has been edited since posting. Last edit 19 April 2006 @ 08:39
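
Several of the autorun entries picked out in the reply above stand out by name and location alone: winlogon.exe under C:\WINDOWS\inet20001, svchost.exe under c:\temp, and .tmp files registered in Run keys. The following Python script is an added example, not part of any post in this thread; it applies those location checks to HijackThis O2/O4/O20/O21 lines. The flag names, the expected-directory table and the function names are assumptions of this example.

```python
import ntpath
import re

# Assumption of this example: core Windows process names and the single
# directory each normally runs from (Windows XP layout, as in the log above).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
USUAL_EXT = {".exe", ".dll", ".com", ".bat", ".cmd"}
MISSING = re.compile(r"\s*\((?:file missing|no file)\)\s*$")

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\winlogon.exe
O4 - HKLM\..\Run: [WOOZ] C:\WINDOWS\system32\sxe49F.tmp
O4 - HKLM\..\Run: [windows] c:\temp\svchost.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Reijo\LOCALS~1\Temp\49A.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
"""


def target_path(command):
    """Return the program path from an autorun command line, or None."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else None
    # Unquoted paths may contain spaces: take the shortest prefix that ends
    # in a file extension and is followed by whitespace or end of line.
    m = re.match(r"(.+?\.[A-Za-z0-9]{2,4})(?=\s|$)", command)
    return m.group(1) if m else None


def triage_line(line):
    """Return (target, [flags]) for an O2/O4/O20/O21 line, else None."""
    m = re.match(r"(O\d+) - (.*)$", line.strip())
    if not m or m.group(1) not in ("O2", "O4", "O20", "O21"):
        return None
    code, rest = m.groups()
    flags = []
    if MISSING.search(rest):
        flags.append("file-missing")  # registration left behind without its file
        rest = MISSING.sub("", rest)
    if code == "O4":
        run = re.match(r"[^:]+: \[[^\]]*\] (.*)$", rest)
        if not run:
            return None  # Startup-folder shortcut lines have another shape
        command = run.group(1)
    else:
        command = rest.rsplit(" - ", 1)[-1]
    path = target_path(command)
    if path is None:
        if not flags:
            flags.append("unparseable-target")
        return command, flags
    folder, name = ntpath.split(ntpath.normpath(path).lower())
    # A system process name in any directory other than its usual one.
    if folder and name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
        flags.append("system-name-wrong-dir")
    if {"temp", "tmp"} & set(folder.split("\\")):
        flags.append("runs-from-temp")
    if ntpath.splitext(name)[1] not in USUAL_EXT:
        flags.append("unusual-extension")
    return path, flags


def triage_log(text):
    """Return [(target, flags)] for every entry that raised a flag."""
    results = []
    for line in text.splitlines():
        entry = triage_line(line)
        if entry and entry[1]:
            results.append(entry)
    return results


if __name__ == "__main__":
    for target, flags in triage_log(SAMPLE_LOG):
        print(f"{', '.join(flags):45} {target}")
```

Entries such as netfilt4.exe in system32 raise no flag here although the reply above lists them for removal, so a clean result from these checks does not clear an entry.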

aake
Newbie
19 April 2006 @ 08:58
Getting Task Manager back
Start, Run, paste the following into it:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

gebardi
Junior Member
19 April 2006 @ 09:09
Yep, got Task Manager back with aake's instructions, thanks.
Kemisti's recipe is still in progress.
www.dpk.fi

AfterDawn Addict
19 April 2006 @ 09:14
@aake: Take a look at the reg file I suggested; it contains exactly what you suggested and a bit more besides ;)
@gebardi: Good that Task Manager works now :)

gebardi
Junior Member
19 April 2006 @ 09:25
Kemisti, could you still tell me what I would achieve with the big clean-up you suggested :O , now that everything seems to work as before. I was thinking, if those sleeping orcs don't wake up, does it matter, as long as they don't start fooling around! I could try clubbing them too if I'm convinced it works.
P.S. Stupid questions build a better world, hopefully.
www.dpk.fi
This message has been edited since posting. Last edit 19 April 2006 @ 09:29

AfterDawn Addict
19 April 2006 @ 09:30
The benefit is that those orcs get removed :) If they are sleeping, they can activate later. And at the same time we find out whether you have other orcs that don't show up in that HjT log. For example, you have several dialers installed, which would be calling abroad if you were using only a modem connection.

gebardi
Junior Member
19 April 2006 @ 09:38
OK, has convinced himself (if), rolls up his sleeves and gets to work.
www.dpk.fi

gebardi
Junior Member
19 April 2006 @ 14:42
Phew... after a sweaty job..
----------------
Logfile of HijackThis v1.99.1
Scan saved at 18:36:41, on 19.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\saa-poistaa\poista.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebHlprObj Class - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\Reijo\Omat tiedostot\WH5_1854003.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Anti-Virus\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ChkMail] èn>
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\saa-poistaa\poista.exe min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Reijo\LOCALS~1\Temp\49A.tmp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.sci.fi/%7Ephoto/mallit/ThumbnailFrame.html
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcamera.vaasa.fi/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: 3246762198745124975reg - C:\Documents and Settings\All Users\Tiedostot\Settings\3246762198745124975.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure 2006 (BackWeb Client - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
------------------
Ewido report
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 18:30:22, 19.4.2006
+ Report-Checksum: C1073E7C
+ Scan result:
HKLM\SOFTWARE\Classes\EGDHTML.EGDialHTML.1 -> Dialer.Generic : Ignored
HKLM\SOFTWARE\Classes\EGDHTML.EGDialHTML -> Dialer.Generic : Cleaned without backup
HKLM\SOFTWARE\Classes\EGDHTML.EGDialHTML\CLSID -> Dialer.Generic : Cleaned without backup
HKLM\SOFTWARE\Classes\EGDialObject.EGDial -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\EGDialObject.EGDial\CLSID -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\EGDialObject.EGDial.1 -> Dialer.Generic : Cleaned without backup
HKLM\SOFTWARE\Classes\Httper.IEFriendly -> Adware.Httper : Cleaned without backup
HKLM\SOFTWARE\Classes\Httper.IEFriendly\CLSID -> Adware.Httper : Cleaned without backup
HKLM\SOFTWARE\Classes\Httper.IEFriendly\CurVer -> Adware.Httper : Cleaned without backup
HKLM\SOFTWARE\Classes\Httper.IEFriendly.1 -> Adware.Httper : Cleaned without backup
HKLM\SOFTWARE\Classes\ISTactivex.Installer.1 -> Adware.ISTBar : Cleaned without backup
HKLM\SOFTWARE\ComSoft -> Dialer.Generic : Cleaned without backup
HKLM\SOFTWARE\ComSoft\Dialers -> Dialer.Generic : Cleaned without backup
HKLM\SOFTWARE\ISTsvc -> Adware.ISTBar : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bargain Buddy -> Adware.BargainBuddy : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bargain Buddy -> Adware.BargainBuddy : Cleaned without backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbarISTbar -> Adware.ISTBar : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\ComSoft -> Dialer.Generic : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\EGDHTML -> Dialer.Generic : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\Httper -> Adware.Httper : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\Httper\Settings -> Adware.Httper : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\IST -> Adware.ISTBar : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\ISTbar -> Adware.ISTBar : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\Microsoft\Internet Explorer\Keywords -> Adware.CoolWebSearch : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\Premium Web Service -> Dialer.Generic : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\Zipclix -> Adware.ZipClix : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\Zipclix\Toolbar -> Adware.ZipClix : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\Zipclix\Toolbar\History -> Adware.ZipClix : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\Zipclix\Toolbar\History\Zipclix Search -> Adware.ZipClix : Cleaned without backup
HKU\S-1-5-21-3199486475-3442376193-1714846927-1005\Software\Zipclix\Toolbar\Settings -> Adware.ZipClix : Cleaned without backup
::Report End
Hopefully some of the orcs got sent into orbit!
This message has been edited since it was posted. Last edit: 21 April 2006 @ 21:11
|
AfterDawn Addict
|
19 April 2006 @ 15:19 |
|
You did run a complete system scan with ewido, right? Because that report only shows removed registry keys. If you didn't, do it now.
Fix these:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
O2 - BHO: WebHlprObj Class - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\Reijo\Omat tiedostot\WH5_1854003.dll (file missing)
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Reijo\LOCALS~1\Temp\49A.tmp
This one looks odd. If you don't know what it is, fix it too:
O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\saa-poistaa\poista.exe min
Delete:
C:\Documents and Settings\Reijo\Omat tiedostot\WH5_1854003.dll
C:\DOCUME~1\Reijo\LOCALS~1\Temp\49A.tmp
(C:\Program Files\saa-poistaa)
Reboot and post a new HjT log.
This message has been edited since it was posted. Last edit: 19 April 2006 @ 15:20
|
|
gebardi
Junior Member
|
19 April 2006 @ 17:29 |
|
Ewido has been run again.
-----------------
Logfile of HijackThis v1.99.1
Scan saved at 21:25:01, on 19.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Anti-Virus\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ChkMail] èn>
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.sci.fi/%7Ephoto/mallit/ThumbnailFrame.html
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcamera.vaasa.fi/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: 3246762198745124975reg - C:\Documents and Settings\All Users\Tiedostot\Settings\3246762198745124975.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure 2006 (BackWeb Client - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
---------
This message has been edited since it was posted. Last edit: 21 April 2006 @ 21:12
|
Senior Member
|
19 April 2006 @ 17:47 |
|
Fix this one too:
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.sci.fi/%7Ephoto/mallit/ThumbnailFrame.html
and this one should be deleted:
C:\Documents and Settings\All Users\Tiedostot\Settings\3246762198745124975.dll
ASAP & UNITE member since 2006

|
|
gebardi
Junior Member
|
19 April 2006 @ 18:19 |
|
Logfile of HijackThis v1.99.1
Scan saved at 22:14:35, on 19.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE
C:\Program Files\F-Secure Anti-Virus\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Anti-Virus\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ChkMail] èn>
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Anti-Virus\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcamera.vaasa.fi/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: 3246762198745124975reg - C:\Documents and Settings\All Users\Tiedostot\Settings\3246762198745124975.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure 2006 (BackWeb Client - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
I couldn't get this one removed with Hj:
C:\Documents and Settings\All Users\Tiedostot\Settings\3246762198745124975.dll
What is it, by the way?
This message has been edited since it was posted. Last edit: 21 April 2006 @ 21:09
|
Senior Member
|
19 April 2006 @ 18:45 |
|
|
That dll file is not something you fix; you just go and delete it from the directory in question. I spotted it in the Ewido log that you later edited out of your message. ;) Ewido had not managed to remove it.
If the file won't go away in normal mode or in safe mode, we'll try heavier measures. :)
ASAP & UNITE member since 2006
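The before/after comparison that the helpers do by eye across the 21:25 and 22:14 logs can be scripted. The following Python is an added example, not part of the thread or of HijackThis; the function names are hypothetical and the two log excerpts are shortened copies of lines from the logs above.

```python
import re

# HijackThis prefixes every entry with a section code (R0, F2, O4, O23, ...).
SECTION = r'(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})'
# Zero-width split point in front of each "<code> - " that starts an entry.
ENTRY_START = re.compile(r'(?<![A-Za-z0-9])(?=' + SECTION + r' - )')
ENTRY = re.compile(r'(' + SECTION + r') - (.*)')


def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a log.

    Forum software may glue several entries onto one line (as happened to
    the O16/O18 entries in this thread), so each line is split at every
    section prefix instead of trusting the line breaks.
    """
    entries = set()
    for line in log_text.splitlines():
        for chunk in ENTRY_START.split(line):
            m = ENTRY.match(chunk.strip())
            if m:
                entries.add((m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, both sorted."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)


def entries_referencing(path, log_text):
    """Entries that still load the given file (case-insensitive match)."""
    needle = path.lower()
    return sorted(e for e in parse_entries(log_text) if needle in e[1].lower())


# Excerpt of the 21:25 log (shortened; O16/O18 glued as on the page).
LOG_BEFORE = r"""
C:\WINDOWS\system32\winlogon.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://www.sci.fi/%7Ephoto/mallit/ThumbnailFrame.html O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcamera.vaasa.fi/activex/AxisCamControl.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: 3246762198745124975reg - C:\Documents and Settings\All Users\Tiedostot\Settings\3246762198745124975.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# Excerpt of the 22:14 log (shortened), taken after the requested fix.
LOG_AFTER = r"""
C:\WINDOWS\system32\winlogon.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcamera.vaasa.fi/activex/AxisCamControl.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: 3246762198745124975reg - C:\Documents and Settings\All Users\Tiedostot\Settings\3246762198745124975.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# The file the helper asked to have deleted by hand.
DLL_PATH = r"C:\Documents and Settings\All Users\Tiedostot\Settings\3246762198745124975.dll"

if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, detail in removed:
        print("gone:   ", section, "-", detail)
    for section, detail in added:
        print("new:    ", section, "-", detail)
    for section, detail in entries_referencing(DLL_PATH, LOG_AFTER):
        print("remains:", section, "-", detail)
```

On these excerpts the diff shows the fixed O16 entry gone, while the O20 Winlogon Notify entry still references the dll that has not yet been deleted.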

|
|
gebardi
Junior Member
|
19 April 2006 @ 19:05 |
|
|
Now I got this result.
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 23:03:01, 19.4.2006
+ Report-Checksum: C88F9D35
+ Scan result:
No infected objects found.
::Report End
www.dpk.fi
|
|
gebardi
Junior Member
|
19 April 2006 @ 19:21 |
|
|
I wonder if everything is OK now? If so, thanks for the advice.
This message has been edited since it was posted. Last edit: 20 April 2006 @ 15:25
|
|
gebardi
Junior Member
|
21 April 2006 @ 15:35 |
|
www.dpk.fi
|
|
|
Senior Member
|
21 April 2006 @ 15:45 |
|
|
ActiveX components that you "pick up" while browsing the net. The ones you listed are harmless. :)
ASAP & UNITE member since 2006

|