|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Pop-uppeja ilmestyy tyhjästä. Hjt-loki
|
|
|
Jokkee
Member
1 tuotearvio
|
20. lokakuuta 2006 @ 14:28 |
Linkki tähän viestiin
|
Logfile of HijackThis v1.99.1
Scan saved at 18:27:14, on 20.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Xfire\xfire.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
C:\HJT\HijackThis_v1.99.1.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1035
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ElseDelete] C:\DOCUME~1\Jouka\APPLIC~1\FORKPR~1\Bib Third Inter.exe
O4 - Startup: Mail Shower.lnk = C:\Program Files\Mail Shower\mailshower.exe
O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1146941046234
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.152.196.254/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
Intel core2 6750
Asus p5k
2g 800mhz ddr2
500Gb sata2
Asus GeForce 8800GTS 640mb
Antec p180
550w power
Kiitos Ja Anteeksi...
|
|
Marku2
Senior Member
|
22. lokakuuta 2006 @ 07:45 |
Linkki tähän viestiin
|
Nimeä HijackThis.exe uudelleen -> Skanner.exe
Lähetä uusi HjT-loki.
|
|
Jokkee
Member
1 tuotearvio
|
24. lokakuuta 2006 @ 10:53 |
Linkki tähän viestiin
|
Logfile of HijackThis v1.99.1
Scan saved at 14:50:53, on 24.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Mail Shower\mailshower.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\winamp\winamp.exe
C:\HJT\scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1035
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Mail Shower.lnk = C:\Program Files\Mail Shower\mailshower.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1146941046234
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.152.196.254/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
Tässäpä tämä kehsi vähän.
Edit: Hups meni nimi väärin, mut ei kai se haittaa? Pää asia tais olla se nimen muuttaminen? vai?
Intel core2 6750
Asus p5k
2g 800mhz ddr2
500Gb sata2
Asus GeForce 8800GTS 640mb
Antec p180
550w power
Kiitos Ja Anteeksi...
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 24. lokakuuta 2006 @ 10:57
|
|
Marku2
Senior Member
|
24. lokakuuta 2006 @ 12:20 |
Linkki tähän viestiin
|
Ei haittaa :)
Poista Lisää/Poista sovelluksesta:
Java - Päivitämme javan uusimpaan versioon
ewido anti-spyware 4.0 - Päivitämme ewidon uusimpaan versioon
Käynnistä kone uudelleen!
Poista tämä kansio:
C:\Program Files\ewido anti-spyware 4.0
Päivitä java: uusin java on: Java Runtime Environment Version 5.0 Update 9
Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä: 
Valitse kaikki entiset Java versiosi ja valitse Poista.
Asenna uusin Java päivitys seuraavasta linkistä..
Käynnistä kone uudelleen asennuksen jälkeen:
http://java.sun.com/javase/downloads/index.jsp
Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
Temporary Internet Files -osion alla, klikkaa Delete Files nappia.
Varmista että kaikki kolme valintaa ovat rastitettuja:
Downloaded Applets
Downloaded Applications
Other Files
Klikkaa OK "Delete Temporary Internet Files" -ikkunassasi.
Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA.
Klikkaa OK jättääksesi Java asetusikkunasi.
1. Lataa combofix.exe tiedosto työpöydällesi.
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Hae AVG Anti-Spyware -> http://aaxxeell.googlepages.com/ewido4
Päivitä, Scannaa, Poista löydöt ja tallenna raportti.
Sammuta AVG:n taustasuojaus: klikkaa "Shield" kuvaketta ikkunan ylälaidassa
"Resident shield is", muuta tila active:sta inactive:ksi
Lähetä uusi HjT-loki, C:\Combofix.txt ja AVG:n raportti.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 24. lokakuuta 2006 @ 14:45
|
|
Jokkee
Member
1 tuotearvio
|
28. lokakuuta 2006 @ 13:30 |
Linkki tähän viestiin
|
Eli tota AVG:tä en saanut suoritettua normaali tilassa, kun se vaan kaataa koneen automaattisesti. Sit vikasietotilassa se toimi, mut ei tehny raporttia. Sit ei suostunu kone enää kännistyyn normaalisti ellei poistanu AVG:tä. Kaikki muut sain tehtyä. Sit epäilen kovasti että noi pop-upit tulee tommosesta ku IEXPLORE.EXE niitä löytyy tuolta prosesseista kaks kappaletta, jos yrittää poistaa tulee ne autom. takas.
Mut täs kuiteskin HjT ja Combofix.
HJT-Logi
Logfile of HijackThis v1.99.1
Scan saved at 17:22:45, on 28.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Mail Shower\mailshower.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\winamp\winamp.exe
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
C:\Program Files\Common Files\Logitech\WebColct\webcolct.exe
C:\HJT\Scanner.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1035
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ElseDelete] C:\DOCUME~1\Jouka\APPLIC~1\FORKPR~1\Bib Third Inter.exe
O4 - Startup: Mail Shower.lnk = C:\Program Files\Mail Shower\mailshower.exe
O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1146941046234
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.152.196.254/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
Combofix-Logi
Jouka - 06-10-28 15:33:49,95 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Program Files\Mozilla Firefox 2 Beta 1"
((((((((((((((((((((((((((((((( Files Created from 2006-09-28 to 2006-10-28 ))))))))))))))))))))))))))))))))))
2006-10-21 19:55 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-10-21 13:30 40,960 --a------ C:\WINDOWS\system32\psfind.dll
2006-10-20 23:08 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-10-16 16:33 4,019,072 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2006-10-16 16:33 315,392 --a------ C:\WINDOWS\alcupd.exe
2006-10-16 16:33 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2006-10-14 10:44 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-10-12 17:58 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-12 17:33 788,896 --a------ C:\sptdinst_x86.exe
2006-10-11 19:53 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-11 18:49 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-11 18:49 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-07 21:44 6,702 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2006-10-07 21:44 18,359 --a------ C:\WINDOWS\system32\Ntaccess.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-28 15:33 -------- d-------- C:\Program Files\Mozilla Firefox 2 Beta 1
2006-10-28 15:31 -------- d-------- C:\Program Files\Java
2006-10-28 15:30 -------- d-------- C:\Program Files\Common Files\Java
2006-10-28 15:30 -------- d-------- C:\Program Files\Common Files
2006-10-28 14:10 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-28 13:56 -------- d-------- C:\Program Files\Activision
2006-10-28 13:09 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-28 00:03 -------- d-------- C:\Documents and Settings\Jouka\Application Data\uTorrent
2006-10-27 22:59 -------- d-------- C:\Documents and Settings\Jouka\Application Data\Xfire
2006-10-24 23:25 -------- d-------- C:\Program Files\Windows Media Player
2006-10-24 19:36 -------- d-------- C:\Program Files\EvilLyrics
2006-10-24 16:44 -------- d-------- C:\Program Files\mIRC
2006-10-22 22:40 -------- d-------- C:\Program Files\Electronic Arts
2006-10-21 19:30 -------- d-------- C:\Program Files\THQ
2006-10-21 10:01 -------- d---s---- C:\Program Files\Xfire
2006-10-21 06:51 -------- d-------- C:\Program Files\PowerStrip
2006-10-20 23:09 -------- d-------- C:\Program Files\ATI Technologies
2006-10-20 21:14 -------- d---s---- C:\Documents and Settings\Jouka\Application Data\Microsoft
2006-10-20 17:41 -------- d-------- C:\Documents and Settings\Jouka\Application Data\Ventrilo
2006-10-17 18:42 -------- d-------- C:\Program Files\Ubisoft
2006-10-17 10:39 -------- d-------- C:\Documents and Settings\Jouka\Application Data\Azureus
2006-10-16 21:26 -------- d-------- C:\Program Files\NetPumper
2006-10-16 21:22 -------- d-------- C:\Documents and Settings\Jouka\Application Data\NetPumper
2006-10-16 21:20 -------- d-------- C:\Documents and Settings\Jouka\Application Data\Fork Proc Remote
2006-10-16 21:19 -------- d-------- C:\Program Files\Fork Proc Remote
2006-10-16 16:33 -------- d-------- C:\Program Files\Realtek AC97
2006-10-16 15:58 -------- d-------- C:\Program Files\Winamp
2006-10-16 15:47 -------- d-------- C:\Program Files\Driver Cleaner Pro
2006-10-16 15:08 -------- d-------- C:\Program Files\Wolfenstein - Enemy Territory
2006-10-15 23:37 359040 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-10-15 20:07 -------- d-------- C:\Program Files\Mail Shower
2006-10-15 16:37 -------- d-------- C:\Documents and Settings\Jouka\Application Data\Adobe
2006-10-14 11:50 -------- d-------- C:\Documents and Settings\Jouka\Application Data\Ahead
2006-10-14 11:35 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-14 11:34 -------- d-------- C:\Program Files\Nero
2006-10-14 11:26 -------- d-------- C:\Program Files\Ahead
2006-10-14 11:00 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-10-14 10:44 -------- d-------- C:\Program Files\Alcohol Soft
2006-10-13 23:28 -------- d-------- C:\Program Files\VideoLAN
2006-10-13 23:28 -------- d-------- C:\Documents and Settings\Jouka\Application Data\vlc
2006-10-12 18:10 -------- d-------- C:\Program Files\Sierra
2006-10-12 18:08 -------- d-------- C:\Documents and Settings\Jouka\Application Data\InstallShield
2006-10-12 18:06 -------- d-------- C:\Program Files\Internet Explorer
2006-10-12 18:04 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-11 21:11 -------- d-------- C:\Documents and Settings\Jouka\Application Data\teamspeak2
2006-10-11 20:43 -------- d-------- C:\Program Files\Azureus
2006-10-11 20:41 -------- d-------- C:\Documents and Settings\Jouka\Application Data\Sun
2006-10-11 19:46 -------- d-------- C:\Documents and Settings\Jouka\Application Data\Macromedia
2006-10-11 19:45 -------- d-------- C:\Program Files\NetMeeting
2006-10-11 19:45 -------- d-------- C:\Program Files\ImageShack
2006-10-11 19:45 -------- d-------- C:\Documents and Settings\Jouka\Application Data\Talkback
2006-10-11 19:45 -------- d-------- C:\Documents and Settings\Jouka\Application Data\Mozilla
2006-10-11 19:34 -------- d-------- C:\Program Files\EA GAMES
2006-10-11 19:28 -------- d-------- C:\Documents and Settings\Jouka\Application Data\Logitech
2006-10-11 19:28 -------- d-------- C:\Documents and Settings\Jouka\Application Data\ATI
2006-10-11 19:27 -------- d-------- C:\Documents and Settings\Jouka\Application Data\Identities
2006-10-11 19:12 -------- d-------- C:\Program Files\msn gaming zone
2006-10-11 19:10 -------- d-------- C:\Program Files\Outlook Express
2006-10-11 19:10 -------- d-------- C:\Program Files\Common Files\System
2006-10-11 18:49 62 --ahs---- C:\Documents and Settings\Jouka\Application Data\desktop.ini
2006-10-07 22:32 21808 --a------ C:\WINDOWS\system32\drivers\Aldebaran.sys
2006-10-07 22:32 16855 --a------ C:\WINDOWS\system32\drivers\Achernar.sys
2006-10-07 21:44 -------- d-------- C:\Program Files\MSI
2006-10-07 21:41 -------- d-------- C:\Program Files\Setup Files
2006-09-27 22:09 -------- d-------- C:\Program Files\Ventrilo
2006-09-27 22:09 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-27 22:08 -------- d-------- C:\Program Files\VentSrv
2006-09-27 17:43 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-09-24 13:46 -------- d-------- C:\Program Files\Rockstar Games
2006-09-23 00:15 -------- d-------- C:\Program Files\SpeedFan
2006-09-19 17:14 -------- d-------- C:\Program Files\oo2-soikko-Windows-1.1.2
2006-09-19 17:13 -------- d-------- C:\Program Files\OpenOffice.org 2.0
2006-09-15 21:16 -------- d-------- C:\Program Files\URUSoft
2006-09-13 13:23 -------- d-------- C:\Program Files\Valve
2006-09-08 17:17 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-08 17:16 -------- d-------- C:\Program Files\MSN Messenger
2006-09-02 22:19 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-02 19:27 -------- d-------- C:\Program Files\Adobe
2006-09-01 19:24 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-08-25 06:47 115880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-08-23 05:11 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-08-23 04:53 260096 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-08-23 04:47 114688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-08-23 04:46 86016 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-08-23 04:46 77824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-08-23 04:46 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-08-23 04:46 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-08-23 04:45 413696 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-08-23 04:44 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-08-23 04:38 2401984 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-08-23 04:33 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-08-23 04:33 2510752 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-08-23 04:27 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-08-23 04:24 5140480 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-08-23 04:21 221184 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-08-23 04:19 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-08-23 04:14 290816 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-08-16 17:35 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-10 07:27 10528768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2006-08-03 05:12 577536 --a------ C:\WINDOWS\soundman.exe
2006-08-01 15:02 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2006-08-01 14:58 143360 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ElseDelete"="C:\\DOCUME~1\\Jouka\\APPLIC~1\\FORKPR~1\\Bib Third Inter.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
"LogonStudio"="\"C:\\Program Files\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
"Logitech Hardware Abstraction Layer"="\"C:\\Program Files\\Common Files\\Logitech\\KhalShared\\KHALMNPR.EXE\""
@=""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"SoundMan"="SOUNDMAN.EXE"
"PowerStrip"="c:\\program files\\powerstrip\\pstrip.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,60,01,00,00,00,00,00,00,20,03,00,00,22,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,72,03,00,00,23,00,00,00,fc,00,00,00,f2,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"="regperf.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
~ ~ ~ ~ ~ ~ ~ ~ HijackThis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20061016-213115-748
O4 - HKCU\..\Run: [ElseDelete] C:\DOCUME~1\Jouka\APPLIC~1\FORKPR~1\Bib Third Inter.exe
backup-20061016-213115-362
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
backup-20060820-191646-146
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
backup-20060805-113546-725
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
backup-20060805-113546-630
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
backup-20060805-113546-746
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
backup-20060731-233324-242
O3 - Toolbar: MSN Search -työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fi-fi\msntb.dll (file missing)
backup-20060625-141853-717
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C5E214789DAA75760EA83FA5EF80752B94E3D77E5B7D47293FC6 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll
backup-20060625-141854-805
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
backup-20060507-143102-874
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
backup-20060429-152317-719
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - (no file)
backup-20060429-152317-499
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
backup-20060429-152317-740
R3 - URLSearchHook: (no name) - <default> - (no file)
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\B4408CC39083020F.job
Completion time: 06-10-28 15:35:24.90
C:\ComboFix.txt ... 06-10-28 15:35
Intel core2 6750
Asus p5k
2g 800mhz ddr2
500Gb sata2
Asus GeForce 8800GTS 640mb
Antec p180
550w power
Kiitos Ja Anteeksi...
|
|
Marku2
Senior Member
|
28. lokakuuta 2006 @ 17:26 |
Linkki tähän viestiin
|
Hae Findlop by Metallica
pura zippi, tuplaklikkaa findlop.bat
loki on täällä -> C:\findlop.txt
Lähetä uusi HjT-loki ja C:\findlop.txt
Hae Ccleaner -> Linkki
Ccleaner -> Opas!
Aja Ccleanerilla: Puhdista ja korjaa rekisteri virheet.
|
|
Jokkee
Member
1 tuotearvio
|
28. lokakuuta 2006 @ 19:18 |
Linkki tähän viestiin
|
Findlop
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'B4408CC39083020F.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\jouka\applic~1\forkpr~1\bits multi extra.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Jouka'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/28/2006 23:00:00
NextRun: 10/29/2006 0:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/06/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
Hjt
Logfile of HijackThis v1.99.1
Scan saved at 23:17:40, on 28.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Mail Shower\mailshower.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
C:\HJT\Scanner.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1035
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1146941046234
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.152.196.254/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
Intel core2 6750
Asus p5k
2g 800mhz ddr2
500Gb sata2
Asus GeForce 8800GTS 640mb
Antec p180
550w power
Kiitos Ja Anteeksi...
|
|
Marku2
Senior Member
|
29. lokakuuta 2006 @ 05:53 |
Linkki tähän viestiin
|
Poista tämä kansio:
C:\DOCUME~1\Jouka\APPLIC~1\FORKPR~1
Lataa Killbox Option^Explicitiltä.
Huomaa: Jos sinulla on jo Killbox, tämä on uusi versio joka sinun tulee asentaa. Poista aikaisempi.
Tallenna työpöydällesi.
Tupla-klikkaa Killbox.exe ajaaksesi ohjelman.
Valitse: Delete on Reboot sitten klikkaa All Files valintaa.
Kopioi ja liitä alapuolella olevat tiedostopolut leikepöydälle mustaamalla KAIKKI ne ja painamalla CTRL + C (tai, mustaamisen jälkeen, oikea klikki hiirellä ja valitse kopioi):
C:\WINDOWS\tasks\B4408CC39083020F.job
Palaa Killboxiin, mene File valikkoon, ja valitse Paste from Clipboard.
Klikkaa puna-valkoista Delete File valintaa. Klikkaa Yes "Delete on Reboot" pyyntöön. Klikkaa OK mihin vain PendingFileRenameOperations pyyntöön (ja anna fixaajan tietää jos jokin tälläinen tulee!).
Käynnistä koneesi itse jos se ei sitä automaattisesti tee.
Jos saat tälläisen viestin: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." Kun yrität ajaa KillBoxia, klikkaa tätä ladataksesi ja ajaaksesi Missingfilessetup.exe;n. Sitten koita KillBoxia uudestaan.
Lähetä uusi HjT-loki.
|
|
Jokkee
Member
1 tuotearvio
|
29. lokakuuta 2006 @ 06:52 |
Linkki tähän viestiin
|
Logfile of HijackThis v1.99.1
Scan saved at 10:51:38, on 29.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\HJT\Scanner.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1035
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ElseDelete] C:\DOCUME~1\Jouka\APPLIC~1\FORKPR~1\Bib Third Inter.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1146941046234
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.152.196.254/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
Nyt näyttää olevan IEXPLORE.EXE kadonneen prosesseista.
KIITOS!!
Intel core2 6750
Asus p5k
2g 800mhz ddr2
500Gb sata2
Asus GeForce 8800GTS 640mb
Antec p180
550w power
Kiitos Ja Anteeksi...
|
|
Mainos
|
|
|
|
Marku2
Senior Member
|
29. lokakuuta 2006 @ 08:10 |
Linkki tähän viestiin
|
Fixaa HjT:llä (Do a system scan only, merkkaa ja paina fix checked)
O4 - HKCU\..\Run: [ElseDelete] C:\DOCUME~1\Jouka\APPLIC~1\FORKPR~1\Bib Third Inter.exe
Laita piilotiedostot näkyviin -> Ohje!
Käynnistä kone vikasietotilaan
Poista tämä kansio:
C:\DOCUME~1\Jouka\APPLIC~1\FORKPR~1
Käynnistä kone normaalitilaan!
Lataa ja tallenna Blacklight työpöydällesi;
Tupla-klikkaa blbeta.exe, hyväksy sopimus, klikkaa -> Scan, sitten -> Next
Näet listan kaikesta mitä löytyi. Työpöydällesi myös ilmestyy loki jonka nimi on fsbl.xxxxxxx.log (xxxxxxx;n tilalla on luultavimmin numeroita).
Kopioi ja liitä tämä loki seuraavaan vastaukseesi. Älä valitse "Rename" optiota vielä! Haluamme nähdä login ensin, koska hyviä tiedostoja saattaa olla mukana, kuten "wbemtest.exe".
Hae Findlop by Metallica
pura zippi, tuplaklikkaa findlop.bat
loki on täällä -> C:\findlop.txt
Lähetä uusi HjT-loki, Blacklight-loki ja C:\findlop.txt.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 29. lokakuuta 2006 @ 08:15
|
|
