HJT log for review

just4play
Member
13 May 2006 @ 12:18
Logfile of HijackThis v1.99.1
Scan saved at 10:43:42 PM, on 13/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINNT\dgkqbraj.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINNT\wwcstkv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\wuauclt.exe
C:\Documents and Settings\jeff\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webfile.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [A63e1F] C:\WINNT\dgkqbraj.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINNT\wwcstkv.exe
O4 - HKLM\..\Run: [bO²ùð]×y-¯?] C:\WINNT\dgkqbraj.exe
O4 - HKLM\..\Run: [bO²ùõö/ØG%)ßfÏNb¡¾C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\dgkqbraj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /min
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAA768E6-57EC-45A2-B50F-2E08ACE40726}: NameServer = 203.2.124.164 203.2.124.165
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Asking for understanding - I'm a beginner!

AfterDawn Addict
13 May 2006 @ 13:04
A fine collection of critters :)
Put HjT in its own folder -> c:\hjt
Uninstall from Control Panel (Add/Remove Programs):
SideFind
YourSiteBar
ISTsvc
SurfAccuracy
Internet Optimizer
Power Scan
WinFixer 2005
Fix with HjT (do a system scan only, tick these and press fix checked):
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [A63e1F] C:\WINNT\dgkqbraj.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINNT\wwcstkv.exe
O4 - HKLM\..\Run: [bO²ùð]×y-¯?] C:\WINNT\dgkqbraj.exe
O4 - HKLM\..\Run: [bO²ùõö/ØG%)ßfÏNb¡¾C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\dgkqbraj.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /min
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
Download aproposfix:
http://swandog46.geekstogo.com/aproposfix.exe
Save it to the desktop. Do not run it yet.
Download, install and update ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186
Boot into safe mode (F8 during startup)
Delete, if found:
C:\WINNT\nem220.dll
C:\Program Files\SideFind
C:\Program Files\YourSiteBar
C:\Program Files\ISTsvc
C:\Program Files\SurfAccuracy
C:\Program Files\Internet Optimizer
C:\Program Files\Power Scan
C:\WINNT\dgkqbraj.exe
C:\WINNT\wwcstkv.exe
C:\Program Files\WinFixer 2005
C:\WINNT\web\related.htm
In safe mode, double-click aproposfix.exe and extract it to its own folder on the desktop.
Then find runthis.bat in the folder, follow the screen and answer the questions.
Scan with ewido, let it remove whatever it finds, and save the report.
Reboot and post the ewido report, a new HjT log and, from the aproposfix folder, its log log.txt.
This message has been edited since posting. Last edited 13 May 2006 @ 13:05
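
The last step above asks for a new HjT log so the cleanup can be checked. As an added example (not part of the thread and not part of HijackThis), this Python script compares a follow-up log with the first log and the fix list; the function names are hypothetical, the BEFORE and FIX_LIST lines are abbreviated from this thread, and AFTER is constructed so that one fixed entry survives.

```python
import re

# A HijackThis result line starts with a section code such as R0, O4 or O23,
# followed by " - ". Header lines and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Return the set of (section, body) result entries in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Collapse whitespace so forum re-wrapping does not cause mismatches.
            body = " ".join(match.group("body").split())
            entries.add((match.group("section"), body))
    return entries

def check_followup(fix_list, before_log, after_log):
    """Compare the follow-up log with the first log and the fix list."""
    fix = parse_entries(fix_list)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return {
        # Marked for fixing but back again: something is re-creating it.
        "still_present": sorted(fix & after),
        # On the fix list but never in the first log: a copy/paste slip.
        "not_in_first_log": sorted(fix - before),
        # Appeared only after cleanup: new installs or new persistence.
        "new_entries": sorted(after - before),
        # Gone without being on the fix list: removed by another tool.
        "removed_unrequested": sorted((before - after) - fix),
    }

# Abbreviated from the first log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webfile.com/
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O4 - HKLM\..\Run: [A63e1F] C:\WINNT\dgkqbraj.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINNT\wwcstkv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAA768E6-57EC-45A2-B50F-2E08ACE40726}: NameServer = 203.2.124.164 203.2.124.165
"""

# Abbreviated from the fix list in the reply above.
FIX_LIST = r"""
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
O4 - HKLM\..\Run: [A63e1F] C:\WINNT\dgkqbraj.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINNT\wwcstkv.exe
"""

# Constructed follow-up log: one Run entry from the fix list has survived.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O4 - HKLM\..\Run: [ReJf5vH] C:\WINNT\wwcstkv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

if __name__ == "__main__":
    for label, items in check_followup(FIX_LIST, BEFORE, AFTER).items():
        print(label)
        for section, body in items:
            print(f"  {section} - {body}")
```
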

just4play
Member
14 May 2006 @ 11:15
I did get to some menu with F8, but then the problem was that I don't really know what safe mode is called in English! If someone could translate those into English too! Thanks
Asking for understanding - I'm a beginner!

AfterDawn Addict
14 May 2006 @ 11:30

just4play
Member
15 May 2006 @ 08:57
Here are the reports then!
ewido:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:05:12 PM, 15/05/2006
+ Report-Checksum: FA3CE2B2
+ Scan result:
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\SideFind -> Adware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\PowerScan -> Adware.PowerScan : Cleaned with backup
HKU\S-1-5-21-1606980848-842925246-1957994488-1003\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1606980848-842925246-1957994488-1003\Software\IST -> Adware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1606980848-842925246-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1606980848-842925246-1957994488-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1606980848-842925246-1957994488-1003\Software\PowerScan -> Adware.PowerScan : Cleaned with backup
C:\WINDOWS\Cookies\jeff@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINDOWS\Cookies\jeff@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\WINDOWS\Cookies\jeff@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\WINDOWS\Cookies\jeff@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\WINDOWS\Cookies\jeff@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\WINDOWS\Cookies\jeff@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\WINDOWS\Cookies\jeff@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\jeff@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\WINDOWS\Cookies\jeff@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\WINDOWS\Cookies\jeff@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\WINDOWS\Cookies\jeff@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\WINDOWS\Cookies\jeff@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\WINDOWS\Cookies\jeff@ehg-guba.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\WINDOWS\Cookies\jeff@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\WINDOWS\Cookies\jeff@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\Cookies\jeff@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\Cookies\jeff@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\WINDOWS\Cookies\jeff@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned with backup
C:\Program Files\Common Files\WinFixer 2005\FCrXML.dll -> Adware.Winfixer : Cleaned with backup
C:\RECYCLED\Dc14.dll -> Downloader.Dyfuca : Cleaned with backup
C:\RECYCLED\Dc17\optimize.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\jeff\Local Settings\Temp\optimize.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\jeff\Local Settings\Temp\iinstall.exe -> Downloader.IstBar.nt : Cleaned with backup
C:\Documents and Settings\jeff\Local Settings\Temp\sidefind.exe -> Downloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\jeff\Local Settings\Temp\uninstall.exe -> Adware.PowerScan : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@sensis.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@casinolasvegas[1].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@qksrv[3].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@www.sidefind[2].txt -> TrackingCookie.Sidefind : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@digitalhomediscountptyltd.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@e-2dj6wjlosmazefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@casinolasvegas[2].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@banner.casinolasvegas[2].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@revenue[3].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@qantasairways.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@www.sidefind[3].txt -> TrackingCookie.Sidefind : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@banner.casinolasvegas[3].txt -> TrackingCookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\jeff\Cookies\jeff@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP6\A0018756.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP6\A0018757.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029363.dll -> Adware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029364.exe -> Downloader.IstBar.jm : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029365.EXE -> Downloader.IstBar.ij : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029366.EXE -> Downloader.IstBar : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029367.EXE -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029368.exe -> Adware.SurfAcc : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029369.exe -> Adware.SurfAcc : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029371.exe -> Adware.PowerScan : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029372.exe -> Adware.PowerScan : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029387.dll -> Adware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{24F2ED77-4367-4EF6-A5E8-9735C0F5B58C}\RP7\A0029391.dll -> Downloader.IstBar.ms : Cleaned with backup
::Report End
and then the HjT log:
Logfile of HijackThis v1.99.1
Scan saved at 7:18:04 PM, on 15/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Documents and Settings\jeff\Local Settings\Temp\Temporary Directory 4 for HijackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
and finally aproposfix:
Log of AproposFix v1.1
************
Running from directory:
C:\Documents and Settings\jeff\Desktop\aproposfix2\aproposfix
************
Registry entries found:
Asking for understanding - I'm a beginner!

AfterDawn Addict
15 May 2006 @ 09:00

just4play
Member
15 May 2006 @ 09:22
How can you tell whether it has a firewall?
Asking for understanding - I'm a beginner!

AfterDawn Addict
15 May 2006 @ 09:29
Well, since you don't have SP2 and the Security Center in Control Panel, there's nowhere you can see it for certain. As far as I know, that one is just an antivirus. Is the Windows built-in firewall on, then? That is, Control Panel -> Windows Firewall. You can see it there.

just4play
Member
15 May 2006 @ 10:44
This machine's Control Panel doesn't even have a firewall item :) so there's no firewall then... I'll have to download that too... thanks
Asking for understanding - I'm a beginner!

AfterDawn Addict
15 May 2006 @ 10:47
Yep, you should have a firewall, and you're welcome :)

just4play
Member
17 May 2006 @ 01:15
Will there be problems if I have McAfee antivirus and some other firewall? Can you recommend any of those firewalls?
Or should I just switch antivirus right away?
Asking for understanding - I'm a beginner!

AfterDawn Addict
17 May 2006 @ 06:18
There shouldn't be any problems. ZoneAlarm and Kerio are good firewalls.