|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
HiJackThis logi katsottavaksi. (Kone sekaisin)
|
|
|
Vancet
Junior Member
|
30. toukokuuta 2007 @ 16:30 |
Linkki tähän viestiin
|
|
|
|
Auttaja
Suspended permanently
|
30. toukokuuta 2007 @ 16:35 |
Linkki tähän viestiin
|
laita mielummin tähän ketjuun seuraavat lokit
======0
Lataa VundoFix.exe työpöydällesi.
*Tupla-klikkaa VundoFix.exe ajaaksesi sen.
*Klikkaa Scan for Vundo valintaa.
*Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
*Sinulta kysytään haluatko poistaa filut - klikkaa YES.
*Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
*Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
*Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.
Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.
==========
1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
==========
älä välitä vaikka tää ohje on vähän vanhentunut
Lataa SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe ja tallenna se työpöydällesi.
Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi:
* Käynnistä tietokone
* Kun kuulet koneen piippaavan, paina F8, kuitenkin ennen Windowsin logon esiintuloa
* Seuraavaksi pitäisi ilmestyä valikko
* Valitse valikosta vikasietotila.
* Tee ohjelmalle oma kansio C:\SDFix ja siirrä se sinne
* Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
* Paina Y käynnistääksesi skriptin.
* Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
* Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
* Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
* Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
* Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
* Lopuksi avaa SDFix kansio ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi
uuden HijackThis lokin kera., eli siis vundofixin ja sdfixin lokit lisäks
|
|
Vancet
Junior Member
|
30. toukokuuta 2007 @ 17:07 |
Linkki tähän viestiin
|
|
Nyt on semmonen ongelma, että en näe työpöytää. Selaimen sain auki tehtävienhallinnan suorita toiminnolla. Ja Omaan Tietokoneeseen en pääse. Eli näkyy vain taustakuva.
|
|
Auttaja
Suspended permanently
|
30. toukokuuta 2007 @ 17:10 |
Linkki tähän viestiin
|
|
pystytkö kirjottaa suorita riville
C:\
?
|
|
Vancet
Junior Member
|
30. toukokuuta 2007 @ 17:14 |
Linkki tähän viestiin
|
|
Koitin mutta kuvakkeet ja tehtäväpalkki tulevat sekunniksi ja katoavat.
|
|
Auttaja
Suspended permanently
|
30. toukokuuta 2007 @ 17:15 |
Linkki tähän viestiin
|
|
|
Vancet
Junior Member
|
30. toukokuuta 2007 @ 18:06 |
Linkki tähän viestiin
|
|
Joo käynnistin vikasietotilaan ja nyt tää oikeekin tila alko pelaan. Kiitos. Alan noita logeja tähän laitteleen jossain vaiheessa.
|
|
Vancet
Junior Member
|
2. kesäkuuta 2007 @ 11:42 |
Linkki tähän viestiin
|
Noniin alotetaas:
--------------------------------------------------------------
Vundofix:
C:\WINDOWS\system32\bjlptuih.dll
Beginning removal...
Performing Repairs to the registry.
Done!
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.10
Scan started at 21:02:14 30.5.2007
Listing files found while scanning....
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\fcccyvs.dll
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak2
C:\WINDOWS\system32\yccdd.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fcccyvs.dll
C:\WINDOWS\system32\fcccyvs.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\yccdd.bak2
C:\WINDOWS\system32\yccdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\fcccyvs.dll
C:\WINDOWS\system32\fcccyvs.dll Has been deleted!
Performing Repairs to the registry.
Done!
---------------------------------------------------------------------
combofix:
2:42:46 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Program Files\Mozilla Firefox\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\wintuh32.dll
C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dfhkj.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
"C:\WINDOWS\system32\launcher.exe"
"C:\WINDOWS\avp.exe"
"C:\WINDOWS\smanager.7.exe"
((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))
2007-06-02 12:40 93,696 --a------ C:\WINDOWS\system32\drvpec.dll
2007-06-02 12:40 33,302 --a------ C:\WINDOWS\system32\opnljkk.dll
2007-05-30 22:09 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\xsbujklg.exe
2007-05-30 17:11 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-29 12:08 28,160 --a------ C:\WINDOWS\system32\winsys64.exe
2007-05-29 08:20 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-05-29 08:20 17,705 --a------ C:\WINDOWS\War3Unin.dat
2007-05-29 08:20 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-05-28 12:53 <KANSIO> d-------- C:\Program Files\Warcraft III
2007-05-25 18:14 <KANSIO> d-------- C:\Program Files\World of Warcraft
2007-05-22 16:38 <KANSIO> d-------- C:\WINDOWS\WoWscape Server Browser
2007-05-20 16:43 <KANSIO> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-18 18:40 <KANSIO> d-------- C:\0a975f879bd91069f8f8d8
2007-05-18 07:29 <KANSIO> d-------- C:\Program Files\Power Tab Software
2007-05-17 19:29 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-17 08:31 <KANSIO> d-------- C:\Program Files\Conquer 2.0
2007-05-17 08:27 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\InstallShield
2007-05-14 15:42 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-05-14 15:42 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-05-14 15:42 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-05-14 15:42 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-05-14 15:42 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-05-14 15:42 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2007-05-14 15:42 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-05-14 15:42 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-05-14 15:42 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-05-14 15:42 217,073 --a------ C:\WINDOWS\meta4.exe
2007-05-14 15:42 <KANSIO> d-------- C:\Program Files\AviSynth 2.5
2007-05-14 15:41 31,744 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2007-05-14 15:41 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2007-05-14 15:40 <KANSIO> d-------- C:\Program Files\eRightSoft
2007-05-12 10:51 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-05-12 10:51 1,639,424 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-05-12 10:51 <KANSIO> d-------- C:\Program Files\PMPro Mobile Phone Video Converter
2007-05-12 10:51 <KANSIO> d-------- C:\MediaOut
2007-05-12 10:42 <KANSIO> d-------- C:\OutputFolder
2007-05-12 10:37 <KANSIO> d-------- C:\Program Files\MIKSOFT
2007-05-08 16:15 <KANSIO> d-------- C:\Program Files\Theme Studio
2007-05-08 15:48 <KANSIO> d-------- C:\temp
2007-05-08 15:47 <KANSIO> d--h----- C:\Program Files\Zero G Registry
2007-05-08 15:47 <KANSIO> d-------- C:\Nokia
2007-05-08 15:47 <KANSIO> d-------- C:\Documents and Settings\Janne\.Nokia
2007-05-08 15:47 <KANSIO> d-------- C:\DOCUME~1\Janne\.Nokia
2007-05-07 20:47 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\Nokia Multimedia Player
2007-05-07 14:38 <KANSIO> d-------- C:\Program Files\PolyPhonix Studio
2007-05-06 12:20 <KANSIO> d-------- C:\WINDOWS\system32\URTTEMP
2007-05-05 08:39 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-05-05 08:39 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-05-05 08:39 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-05-05 08:39 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-05-05 08:39 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-05-05 08:25 <KANSIO> d-------- C:\Program Files\BluetoothPCDialer
2007-05-04 14:42 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
2007-05-04 09:04 <KANSIO> d--hs---- C:\Documents and Settings\Janne\Phone Browser
2007-05-04 09:04 <KANSIO> d--hs---- C:\DOCUME~1\Janne\Phone Browser
2007-05-04 08:59 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\Nokia
2007-05-04 08:59 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-05-04 08:57 <KANSIO> d-------- C:\Program Files\DIFX
2007-05-04 08:57 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2007-05-04 08:57 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2007-05-04 08:56 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-05-04 08:56 831,048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-05-04 08:56 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2007-05-04 08:56 <KANSIO> d-------- C:\Program Files\Nokia
2007-05-04 08:56 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\PC Suite
2007-05-04 08:55 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-30 17:29:52 -------- d-----w C:\Program Files\Hijack This
2007-05-29 05:16:53 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\uTorrent
2007-05-28 18:34:44 -------- d-----w C:\Program Files\DCPlusPlus
2007-05-28 10:50:07 16 ----a-w C:\WINDOWS\system32\msvcsv60.dll
2007-05-28 10:50:07 16 ----a-w C:\WINDOWS\msocreg32.dat
2007-05-23 20:02:30 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-05-22 04:22:47 -------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-05-17 05:31:20 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-15 15:33:53 -------- d-----w C:\Program Files\eMule
2007-05-10 15:58:42 -------- d-----w C:\Program Files\UOGateway
2007-05-10 15:01:03 76,842 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-05-10 15:01:03 378,280 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-05-05 05:40:27 -------- d-----w C:\Program Files\LastChaosMal
2007-05-01 17:53:37 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\X-Chat 2
2007-04-29 15:36:54 471,040 ----a-w C:\WINDOWS\Metallica Screensaver.scr
2007-04-29 15:36:51 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-04-26 14:22:13 -------- d-----w C:\Program Files\Steam
2007-04-25 11:44:00 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-04-22 05:15:25 -------- d-----w C:\Program Files\Rockstar Games
2007-04-21 06:06:24 -------- d-----w C:\Program Files\LucasArts
2007-04-20 19:14:24 -------- d-----w C:\Program Files\DOSBox-0.70
2007-04-20 12:32:40 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Subversion
2007-04-19 19:02:04 111,227 ----a-w C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-04-18 18:15:42 -------- d-----w C:\Program Files\UOAM
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 18:17:18 -------- d-----w C:\Program Files\GetRight
2007-04-17 16:16:45 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Tracktion
2007-04-17 16:15:31 -------- d-----w C:\Program Files\Tracktion2
2007-04-14 05:59:37 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Hamachi
2007-04-13 18:48:51 -------- d-----w C:\Program Files\Razor
2007-04-11 11:58:43 4,096 ----a-w C:\WINDOWS\d3dx.dat
2007-04-11 09:12:41 -------- d-----w C:\Program Files\LittleFighter2
2007-04-11 03:52:57 -------- d-----w C:\Program Files\EA Games
2007-04-10 05:00:26 -------- d-----w C:\Program Files\directx
2007-04-10 04:53:33 -------- d-----w C:\Program Files\CIB
2007-04-09 07:40:05 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-04-09 07:24:31 -------- d-----w C:\Program Files\Hamachi
2007-04-08 13:18:29 -------- d-----w C:\Program Files\Gpotato
2007-04-05 14:19:56 -------- d-----w C:\Program Files\Haste Network
2007-04-04 05:34:14 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Screenshot Sender
2007-04-04 05:16:41 -------- d-----w C:\Program Files\MSN Messenger
2007-04-03 13:01:31 -------- d-----w C:\Program Files\AskWord'97
2007-04-03 04:24:30 -------- d-----w C:\Program Files\Gamescampus
2007-03-31 05:32:48 721 ----a-w C:\WINDOWS\eReg.dat
2007-03-29 16:05:41 194,560 ----a-w C:\WINDOWS\screensaver.scr
2007-03-29 16:05:35 606,848 ----a-w C:\WINDOWS\flashax.exe
2007-03-29 15:36:24 471,040 ----a-w C:\WINDOWS\Metallica Screensaver MA Tour.scr
2007-03-18 06:37:10 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-17 18:43:40 19 ----a-w C:\WINDOWS\system32\el32.dll
2007-03-17 13:44:51 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:38:00 578,048 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:59 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:59 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:34:26 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-07 17:15:04 277,142 --sha-w C:\WINDOWS\system32\mllml.dll.vir
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-05 00:57]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 02:04]
{73BA12CB-F801-41F7-B199-0474FB66D090}=C:\WINDOWS\system32\fcccyvs.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 13:29]
{B2030C9A-DE59-457D-A042-D827AD69C8F3}=C:\WINDOWS\system32\cbxxvwt.dll []
{BA2475E0-D277-4259-80A7-55FAA1FCA823}=C:\WINDOWS\system32\ddccy.dll []
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 18:45]
{F4419142-6822-4870-B64B-3C093CD0928A}=C:\WINDOWS\system32\geeda.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2003-11-17 19:34]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2003-10-28 14:10]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14]
"SoundMan"="SOUNDMAN.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 20:05]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"xsbujklg.exe"="C:\Documents and Settings\All Users\Application Data\xsbujklg.exe" [2007-05-30 22:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 19:24]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
"Steam"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]
"{73BA12CB-F801-41F7-B199-0474FB66D090}"="C:\WINDOWS\system32\fcccyvs.dll" []
"{B2030C9A-DE59-457D-A042-D827AD69C8F3}"="C:\WINDOWS\system32\cbxxvwt.dll" []
"{E5225210-F293-40FE-BB2F-D5A3C7F13C47}"="C:\WINDOWS\system32\opnljkk.dll" [2007-06-02 12:40]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfd]
C:\WINDOWS\system32\jkhfd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnljkk]
opnljkk.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
Contents of the 'Scheduled Tasks' folder
2007-05-26 15:15:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-02 09:08:03 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 12:51:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-06-02 12:53:38
C:\ComboFix-quarantined-files.txt ... 2007-06-02 12:53
--- E O F ---
-----------------------------------------------------------------
SDfix:
SDFix: Version 1.85
Run by Janne - la 02.06.2007 - 13:11:33,06
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted
C:\WINDOWS\wr.txt - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
C:\Documents and Settings\Janne\SendTo\WLM - trikker24@gmail.com\Desktop.ini
C:\Program Files\eRightSoft\SUPER\cygwin1.dll
C:\Program Files\eRightSoft\SUPER\cygz.dll
C:\Program Files\eRightSoft\SUPER\_Setup.dll
C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll
C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll
C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll
C:\WINDOWS\system32\flvDX.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\mllml.dll.vir
C:\WINDOWS\system32\msfDX.dll
C:\Program Files\eRightSoft\SUPER\Setup.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\03a895b62c429db91b5940d438ce6891\download\BITA1.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\08bbfd0cc6990b684660e7f1d5dc41e9\BITE.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\090527afad97cdf98c4c66d5de9c9d10\BIT29.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0cce13ec544707789475f05dfaa8d0cc\BITD.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0f5798c36353c839b493b8fbc9727b77\BIT5C.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1033b90066ae07b2f96ab361feb2676d\BIT2F.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\141dba2c46ac27fe0d0d6d46ba4dbf07\BIT9.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\17851d36112163931acfa28af48c8ad0\BIT3E.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1c7e82e6a4a98d7309da77fde0846df0\BIT2D.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1e08f88a29cbd24af20346ffd6b9f7a8\download\BIT82.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\23065076d57a69d8f1561ed90bcaae48\BIT5E.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2c9a5ccff748018e595941e1f5ac90d1\BIT26.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3348ae89e95495ba34f0f042cb6d5be6\BIT5D.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\383ffbfad46fcab6e8897d866df3378f\BIT33.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\39e260f541d2848892f8c6c3aeaefc86\BIT39.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3ae9a995605f1d896504b082a66514e1\download\BITF2.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\40c33b1b6b6b9b1b5a2c0a519ff54552\BIT3C.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\448ce64f42870dc316b5e40b9ce7327b\download\BIT81.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4a49f159a136b7c35e991b8feb5fccc9\download\BITA4.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4ae7b7488f2519148ba95fd809209ffe\download\BITA3.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4b68f3747273813b8caca916fffc5b50\BIT2B.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4fd71f738af510b6780bc96e325f066e\BIT3D.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5f3167d0b3258a70247d25e50ae22a53\download\BITFA.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\60acc86596f0f318fe9f50ec6fbb5566\BIT63.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6173c515e9b4956141acca5c585d7fb0\download\BIT101.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6aa9036d2fdc6aa14344d7aa1e5e2647\download\BIT62.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6c8fd3ac6e54ae8505d606b191a3e0a1\BIT27.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6f8a060ad49ea75c47e1509f061beaf8\BIT4.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\708add86fbd8028b9151744fdfffffe3\BIT66.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\76ad4e455538984f7b40e0031440aa45\BIT40.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7b6e99f6b0628ab5037e0c7698be9ad7\BIT31.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\88a0e45b27ce7c5333dee03aee3cb017\BIT24.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8cf09ae1a09d36e8076dbfc9aa6dd55f\BIT3B.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9174609d8b691cd36e32eb813fb5ccac\download\BITBC.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9410c6028e482e112067bcdf53e5cff5\BIT62.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9764149b651bb42f8cd63d8d33120dda\BIT37.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9901f2bed932843cf397c5c9728ad209\download\BIT64.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\aa4077edbe8a8c15e2b6972ac115ecb7\BIT61.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b29c37b166abce30c687d23dd3479ae1\BIT36.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b7e638232972c3d180fb63842a1b133c\BIT34.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b86a750ec5cf242b13c765191cccd175\BIT35.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c3471d788512b4e103833db48289a7a1\BIT65.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c41361e56712fd450aefdbe6ea30331e\BIT64.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c924f05d9d3f1615aab41fb5aa7b003d\BITC.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ce25b7821b513ae02f3ecae28a7ead4d\download\BIT63.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d32e6a64ec28df61afba70da6e6ce185\download\BIT94.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\db3398291bb6ae204a27367ba3251397\download\BITE9.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\dfc149d9d9d5529907a4de50932827ab\download\BITF3.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e3c26b8545e44dfbe4d1cda1895f0ccb\BIT3F.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e43bfa5a1b6abee8722745eb481b8f49\download\BITEA.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e4706a48712a139551b1efc858d9a38e\download\BIT87.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e742ac4a329ce7dbd15066394d5a1fb4\download\BIT102.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f054d1ebd2e0012260f6a8a4a313ecac\download\BITEB.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f36fd666eea9a023d1969ddb8fd656de\BITB.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f4b8fcab7aa3b72f5ff244bcf0262981\BIT32.tmp
Finished
--------------------------------------------------------------------------
Ja HjT:
Logfile of HijackThis v1.99.1
Scan saved at 15:42:10, on 2.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\Pommi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s1.travian.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINDOWS\system32\fcccyvs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B2030C9A-DE59-457D-A042-D827AD69C8F3} - C:\WINDOWS\system32\cbxxvwt.dll (file missing)
O2 - BHO: (no name) - {BA2475E0-D277-4259-80A7-55FAA1FCA823} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E5225210-F293-40FE-BB2F-D5A3C7F13C47} - C:\WINDOWS\system32\opnljkk.dll
O2 - BHO: (no name) - {F4419142-6822-4870-B64B-3C093CD0928A} - C:\WINDOWS\system32\geeda.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [xsbujklg.exe] C:\Documents and Settings\All Users\Application Data\xsbujklg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: UMScheduler 2.0.lnk = C:\Nokia\Update_Manager\bin\UMScheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: opnljkk - C:\WINDOWS\SYSTEM32\opnljkk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
-------------------------------------------------
Siinähän ne.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 2. kesäkuuta 2007 @ 11:49
|
|
Auttaja
Suspended permanently
|
2. kesäkuuta 2007 @ 17:53 |
Linkki tähän viestiin
|
[*]Tupla-klikkaa VundoFix.exe ajaaksesi sen.
[*]Kun Vundofix uudelleenaukeaa, klikkaa Scan for Vundo valintaa.
[*]Kun skannaus on valmis, oikea-klikkaa kyseisen listaboksin sisällä (valkoinen laatikko jossa on löydetyt tiedostot listattu) ja valitse Add more files
[*]Kopioi ja liitä seuraavat riviä ylimmäiseen boksiin
[*]C:\WINDOWS\SYSTEM32\opnljkk.dll
[*]Klikkaa Add Files ja sitten klikkaa Close Window.
[*]Klikkaa Remove Vundo valintaa.
[*]Saat viestin jossa kysytään haluatko poistaa valitut tiedostot, klikkaa YES.
[*]Kun klikkaat yes, työpöytäsi tyhjenee kun työkalu alkaa poistamaan Vundoa.
[*]Kun valmis, saat viestin jossa pyydetään sammuttamaan tietokone, klikkaa OK.
[*]Käynnistä koneesi uudelleen.
[*]Postita C:\vundofix.txt lokin sisältö tuoreen HijackThis lokin kera.
=======
Lataa NoLop työpöydällesi yhdestä seuraavista linkeistä...
http://www.spywareedge.net/nolop/NoLop.exe1
http://www.spywaretimes.com/Tools/Downlo...wareToolsLinkki
http://www.thespykiller.co.uk/index.php?action=tpmod;dl=get16
* Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen
* Tuplaklikkaa NoLop.exe ajaaksesi sen
* Klikkaa nappulaa "Search and Destroy"
<<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
* Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy. Klikkaa OK
* Klikkaa "REBOOT"-painiketta.
* NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu. Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.
-- Jos saat seuraavan virheen, "mscomctl.ocx or one of its dependencies are not correctly registered," lataa mscomctl.ocx http://www.boletrice.com/downloads/mscomctl.ocx ja tallenna se system32-hakemistoosi (yleensä c:\Windows\system32). Tämän jälkeen aja ohjelma uudestaan. --
=======
Tarkista koneesi F-Securen online skannerilla
Huom, skanneri toimii vain Internet Explorer selaimella
* Lue sivun ohjeet huolella läpi
* Klikkaa Start scanning
* Mikäli saat Internet Explorer -suojausvaroituksen, klikkaa Asenna
* Klikkaa Accept
* Klikkaa Custom Scan
* Säädä asetukset seuraavasti
o "Virus Scan Option" kohdasta valitse Scan whole system
o "Other Scan Option" kohdasta valitse Scan All Files
o Valitse Scan whole system for rootkits
o Valitse Scan whole system for spyware
o Laita ruksi kohtaan Scan inside archives
o Varmista että Use advanced heuristics on valittuna
* Klikkaa Start
* Skannaus käynnistyy kun tarvittavat tiedostot/päivitykset on ladattu
* Odota kärsivällisesti
* Kun sakannaus on suoritettu, klikkaa Automatic cleaning
* Klikkaa Show Report
* Raportti aukeaa selaimessa, kopioi teksti kokonaan
* Liitä kopioitu teksti esim. muistioon tai Wordiin ja tallenna työpöydälle
* Voit sulkea skannerin
* Lähetä raportti viestiketjuusi
=======
nolop + fsec + ja uusin HJTLogi.
|
|
Vancet
Junior Member
|
3. kesäkuuta 2007 @ 05:09 |
Linkki tähän viestiin
|
NoLop ei mitään löytänyt.
VUNDOFIX:
C:\WINDOWS\system32\bjlptuih.dll
Beginning removal...
Performing Repairs to the registry.
Done!
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.10
Scan started at 21:02:14 30.5.2007
Listing files found while scanning....
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\fcccyvs.dll
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak2
C:\WINDOWS\system32\yccdd.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fcccyvs.dll
C:\WINDOWS\system32\fcccyvs.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\yccdd.bak2
C:\WINDOWS\system32\yccdd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\fcccyvs.dll
C:\WINDOWS\system32\fcccyvs.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.10
Scan started at 12:01:03 2007-06-02
Listing files found while scanning....
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.bak2
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\cbxxvwt.dll
C:\WINDOWS\system32\geeda.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\adeeg.bak2
C:\WINDOWS\system32\adeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxxvwt.dll
C:\WINDOWS\system32\cbxxvwt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\geeda.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.4.1
Checking Java version...
Java version is 1.5.0.10
Scan started at 22:23:33 2.6.2007
Listing files found while scanning....
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\opnljkk.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geedb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllml.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\opnljkk.dll
C:\WINDOWS\system32\opnljkk.dll Could not be deleted.
Attempting to delete C:\WINDOWS\SYSTEM32\opnljkk.dll
C:\WINDOWS\SYSTEM32\opnljkk.dll Could not be deleted.
Attempting to delete C:\WINDOWS\SYSTEM32\opnljkk.dll
C:\WINDOWS\SYSTEM32\opnljkk.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllml.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnljkk.dll
C:\WINDOWS\system32\opnljkk.dll Has been deleted!
Performing Repairs to the registry.
Done!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fsec:
Scanning Report
Saturday, June 02, 2007 23:51:53 - 06:24:40
Computer name: JANNE-THI3VFIV0
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 13 malware found
Tracking Cookie (spyware)
* System (Disinfected)
Trojan-Downloader.Win32.Alphabet.b (virus)
* C:\QooBox\Quarantine\C\WINDOWS\avp.exe.vir (Renamed & Submitted)
Trojan-Downloader.Win32.Alphabet.c (virus)
* C:\WINDOWS\system32\winsys64.exe (Renamed & Submitted)
Trojan-Downloader.Win32.Alphabet.gen (virus)
* C:\QooBox\Quarantine\C\WINDOWS\smanager.7.exe.vir (Renamed & Submitted)
Trojan.Win32.Dialer.qn (virus)
* C:\QooBox\Quarantine\C\WINDOWS\system32\wintuh32.dll.vir (Renamed & Submitted)
Vundo.gen11 (virus)
* C:\WINDOWS\system32\mllml.dll.vir (Submitted)
Vundo.gen26 (virus)
* C:\VundoFix Backups\ddccy.dll.bad (Submitted)
* C:\VundoFix Backups\geeda.dll.bad (Submitted)
W32/DLoader.BXTM (virus)
* C:\RECYCLER\S-1-5-18\Dc5\Update.exe (Submitted)
* C:\RECYCLER\S-1-5-18\Dc4\Update.exe (Submitted)
* C:\RECYCLER\S-1-5-18\Dc3\Update.exe (Submitted)
* C:\RECYCLER\S-1-5-18\Dc2\Update.exe (Submitted)
W32/Malware (virus)
* C:\WINDOWS\system32\dr.exe (Submitted)
Statistics
Scanned:
* Files: 698727
* System: 5355
* Not scanned: 147
Actions:
* Disinfected: 1
* Renamed: 4
* Deleted: 0
* None: 8
* Submitted: 12
Files not scanned:
�j
Options
Scanning engines:
* F-Secure AVP: 7.0.171, 2007-06-02
* F-Secure Blacklight: 1.0.53
* F-Secure Draco: 1.0.35, 0260-23-12
* F-Secure Libra: 2.4.2, 2007-06-02
* F-Secure Orion: 1.2.37, 2007-06-02
* F-Secure Pegasus: 1.19.0, 2007-04-28
Scanning options:
* Scan all files
* Scan inside archives
* Use Advanced heuristics
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HjT:
Logfile of HijackThis v1.99.1
Scan saved at 9:09:26, on 3.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Documents and Settings\All Users\Application Data\xsbujklg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Nokia\Update_Manager\bin\UMScheduler.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack This\Pommi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s1.travian.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINDOWS\system32\fcccyvs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B2030C9A-DE59-457D-A042-D827AD69C8F3} - C:\WINDOWS\system32\cbxxvwt.dll (file missing)
O2 - BHO: (no name) - {B58F9D3C-261E-4B0C-8DD6-97A47F1AFC31} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: (no name) - {BA2475E0-D277-4259-80A7-55FAA1FCA823} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E5225210-F293-40FE-BB2F-D5A3C7F13C47} - C:\WINDOWS\system32\opnljkk.dll (file missing)
O2 - BHO: (no name) - {F4419142-6822-4870-B64B-3C093CD0928A} - C:\WINDOWS\system32\geeda.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [xsbujklg.exe] C:\Documents and Settings\All Users\Application Data\xsbujklg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: UMScheduler 2.0.lnk = C:\Nokia\Update_Manager\bin\UMScheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
|
|
Auttaja
Suspended permanently
|
3. kesäkuuta 2007 @ 08:51 |
Linkki tähän viestiin
|
Tallena nämä ohjeet teksitiedostoon sillä et voi lukea niitä muuten vikasietotilassa.
==========
Avaa HijackThis merkkaa seuraavat rivi(t) ja paina fix checked, sulje muut ohjelmat siksi aikaa.
O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINDOWS\system32\fcccyvs.dll (file missing)
O2 - BHO: (no name) - {B2030C9A-DE59-457D-A042-D827AD69C8F3} - C:\WINDOWS\system32\cbxxvwt.dll (file missing)
O2 - BHO: (no name) - {B58F9D3C-261E-4B0C-8DD6-97A47F1AFC31} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: (no name) - {BA2475E0-D277-4259-80A7-55FAA1FCA823} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {E5225210-F293-40FE-BB2F-D5A3C7F13C47} - C:\WINDOWS\system32\opnljkk.dll (file missing)
O2 - BHO: (no name) - {F4419142-6822-4870-B64B-3C093CD0928A} - C:\WINDOWS\system32\geeda.dll (file missing)
O4 - HKLM\..\Run: [xsbujklg.exe] C:\Documents and Settings\All Users\Application Data\xsbujklg.exe
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)
Tässä ohje miten merkataan:
==========
1. Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi. Jos sinulla on jo kyseinen ohjelma siirry suoraan kohtaan 2!
[*]Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
[*]Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
2. [*]Käynnistä AVG Anti-Spyware.
[*]Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
[*]Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.
[*]Paina hetken kuluttua uudestaan "Start Update" , jos päivitykset eivät heti onnistu
[*]Jos automaattipäivitys ei jostain syystä toimi, niin tunnisteet voi ladata manuaalisesti http://www.ewido.net/en/download/updates/ -linkin takaa.
[*]Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
[*]Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
[*]Sitten "Reports" valikon alta:a
[*]Laita täppi kohtaan "Automatically generate report after every scan"
[*]Ota täppi pois kohdasta"Only if threats were found"
[*]Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
[*]"Resident shield is", muuta tila active:sta inactive:ksi
[*]Sulje ohjelma, ÄLÄ skannaa vielä.
Käynnistä tietokoneesi vikasietotilaan
Laita piilotiedostot näkyviin ja poiston jälkeen piiloon takaisin
Poista
C:\Documents and Settings\All Users\Application Data\xsbujklg.exe
HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
[*]Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
[*]Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
[*]AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.
Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
[*]Varmistu, että Set all elements to: näyttää Quarantine(1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
[*]Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
[*]Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
[*]Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
[*]Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestiketjuusi.
==========
Tämä jos tunnet tietokoneesi olevan hitaan puoleinen, etkä ole eheyttänyt pitkään aikaan:
Avaa Oma tietokone
-> Tee seuraava toimenpide kaikille Paikallisille levyille
==========
Lataa CCleaner ja asenna se:
Avaa "Options", sieltä "Language" ja valitse "Suomi (Finnish)"
Avaa "Virheet" kohta, paina "Etsi rekisterin virheitä", paina "Korjaa valitut rekisterin virheet..". Paina "Kyllä", kun ohjelma kysyy "Haluatko varmuuskopioida muutokset rekisteriin", tallenna tiedosto esim. työpöydälle.
Avaa "Puhdistaja", paina "Tutki" ja tämän jälkeen "Aja Ccleaner". Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.
==========
Jos sinulla ei ole tätä java versiota (6.1): Vanha java saastuttaa helposti koneesi!
Javan päivitys ja välimuistin tyhjennys:
1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä: 
3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:
http://java.sun.com/javase/downloads/index.jsp
tai http://www.filehippo.com/download_java_runtime/
Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u1
Paina Download
Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.
(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).
8. Varmista että kaikki kaksi valintaa ovat rastitettuja:
*Applications and Applets
*Trace and Log Files
Ja paina OK -nappia
9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Klikkaa OK jättääksesi Java asetusikkunasi.
==========
Uusi HijackThis logi ja onko ongelmia?
|
|
Vancet
Junior Member
|
3. kesäkuuta 2007 @ 16:43 |
Linkki tähän viestiin
|
AVG:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 20:32:21 3.6.2007
+ Scan result:
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP90\A0102458.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP92\A0113474.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP92\A0113490.exe/keygen.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP92\A0113501.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\cbxxvwt.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\fcccyvs.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Janne\Työpöytä\KnightsMUClient\KnightsMU.exe -> Backdoor.Sturf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP2\A0000195.exe -> Backdoor.Sturf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP2\A0000196.exe -> Backdoor.Sturf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP30\A0020803.exe -> Backdoor.Sturf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP88\A0096424.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP92\A0113500.exe -> Downloader.Agent.brf : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\smanager.7.exe.0ir -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP92\A0113572.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\avp.exe.0ir -> Downloader.Alphabet.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP92\A0113571.exe -> Downloader.Alphabet.b : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.114:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.86:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.87:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.107:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.91:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.196:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.154:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.155:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.46:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.94:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.95:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.14:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.202:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.140:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.141:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.18:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Janne\Cookies\janne@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.52:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.53:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.29:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.100:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.99:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\ogukxclu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP92\A0113646.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP92\A0113499.exe -> Trojan.Inject.br : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{342FB38B-1D82-40C3-9228-FDDBA21ED5ED}\RP89\A0097487.exe -> Trojan.Rond : Cleaned with backup (quarantined).
::Report end
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HjT:
Logfile of HijackThis v1.99.1
Scan saved at 20:42:57, on 3.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Nokia\Update_Manager\bin\UMScheduler.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\Pommi.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINDOWS\system32\fcccyvs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: UMScheduler 2.0.lnk = C:\Nokia\Update_Manager\bin\UMScheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Miksi tossa HjT logissa on noin monta svchost.exeä?
|
|
Auttaja
Suspended permanently
|
3. kesäkuuta 2007 @ 16:46 |
Linkki tähän viestiin
|
O2 - BHO: (no name) - {73BA12CB-F801-41F7-B199-0474FB66D090} - C:\WINDOWS\system32\fcccyvs.dll (file missing)
Ton rivin voit viel fixata, on normaalia että on monta svchostia.
ei muuta ku
Pysy puhtaana
-> Tyhjennä järjestelmänpalautus Ohjeet
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.
-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.
-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas
-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin.
Opas saatavilla suomeksi! Nimimerkki Axelin opas
-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.
-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti.
-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.
ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm
->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.
->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI
Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa HijackThis-logia tarkistettavaksi!
|
|
Vancet
Junior Member
|
4. kesäkuuta 2007 @ 04:40 |
Linkki tähän viestiin
|
-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas
Tarviiko tuon SpywareBlasterin aina käynnistää, vai onko se aina automaattisesti päällä. Kaikki on kyllä enabled.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 4. kesäkuuta 2007 @ 05:15
|
|
Mainos
|
|
|
|
Auttaja
Suspended permanently
|
5. kesäkuuta 2007 @ 08:01 |
Linkki tähän viestiin
|
|
Se on automaattisesti päällä.
|
|
