hijackthis
Aras88
Member
23 November 2005 @ 12:29
Is this log file OK?
Logfile of HijackThis v1.99.1
Scan saved at 17:27:12, on 23.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\BACKWE~1.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
C:\PROGRA~1\YAPLOCK\YaplockTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\TopText\wo.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Warez P2P Client\warez.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\WebSecureAlert\WebSecureAlert.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HbTools\Bin\4.7.0.0\HbtSrv.exe
C:\Documents and Settings\Kevin\Omat tiedostot\Hijack\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.socepbkpwrqyuzowdvws.info/VVGy7vSMbsDMvaBullFRVlB2gQNm...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {356D535A-0484-4275-8A67-2285F3C5AA4E} - C:\WINDOWS\System32\dmrserver.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
O2 - BHO: (no name) - {7F6828CA-9E42-462C-BC60-418C8144012C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {F49B5F48-E860-4A71-4CED-9BA3A6E5347F} - C:\DOCUME~1\Kevin\APPLIC~1\SCRDEF~1\Testdeaf.exe (file missing)
O3 - Toolbar: (no name) - {AD74DBC2-7D96-4102-A585-3A7CA76CA9F0} - (no file)
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\onmhzdxp.exe
O4 - HKLM\..\Run: [¢?¸K0Ô@ÔÁÔ]§ú"ü?ü?iC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [¢?¸K0¨4W
}ïÁzî?igÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [Lkmcdbp] C:\Program Files\Tkoyoq\Qkdyteq.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [EjgB0ÔÁÔ]§ú"ü?ü?igÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [EjgB0Ô@ÔÁÔÁÔ]§ú"ü?üC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [EjgB0Ô*ú*Àaî?aaøY§C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [EjgB09¿Ì*ú*Àaî?aaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [¢?¸K0Ô@ÔÁÔ*ú]Mú*ÀaîC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [¢?¸K0Ô*ú]Mú*Àaî?aaøC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [¢?¸K09¿Ì*ú]Mú*Àaî?aC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [¢?¸K09¿Ì*Àaî?aaî?igC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [Á³# é"h'þ9Ó?U3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [¢?¸K0Ô@ÔÁÔ]§ú"ü?»9õC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Documents and Settings\arman\Työpöytä\MMKEYBD.EXE
O4 - HKLM\..\Run: [Á³# è"h'þ9Ó?T3rųWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [docwbyko] C:\WINDOWS\system32\yghlzgsq.exe
O4 - HKLM\..\Run: [YaplockTray.exe] C:\PROGRA~1\YAPLOCK\YaplockTray.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [View Vc Htm Audio] C:\Documents and Settings\All Users\Application Data\PileLiesViewVc\Bonesecond.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [BLAH GPL] C:\DOCUME~1\Kevin\APPLIC~1\SITEID~1\Comp Slow.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\TopText\wo.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm538YYFI
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27dc6825b29ba76bbe05/netzip/RdxIE601.cab
O16 - DPF: {81B9C506-46D3-4667-9018-3D6575CBC046} (VacPro.finland_ver10) - http://advnt01.com/dialer/finland_ver10.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://www.advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {874735D6-675A-4B73-8B37-21C89E25AB1E} - C:\Documents and Settings\arman\Local Settings\Application Data\microsoft\internet explorer\V0.29.dat
O20 - AppInit_DLLs: MsgPlusLoader.dll
O21 - SSODL: mtklefa - {950B3427-38AB-4AD6-6DB8-3A8C430E33D7} - C:\WINDOWS\System32\ohppy32.dll (file missing)
O23 - Service: FS BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: NvCplScan - Unknown owner - C:\WINDOWS\System32\nvsc32.exe" -netsvcs (file missing)
AfterDawn Addict
23 November 2005 @ 12:52
Not even close. The machine is full of junk.
Uninstall via Add/Remove Programs:
Ebates Moe Money Maker
ISTsvc
Hotbar
Messenger Plus !3
SpySpotter3
TopText
WebSecureAlert
Fix with HjT (do a system scan only, check the boxes and press fix checked):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.socepbkpwrqyuzowdvws.info/VVGy7vSMbsDMvaBullFRVlB2gQNm...
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
O2 - BHO: (no name) - {7F6828CA-9E42-462C-BC60-418C8144012C} - (no file)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {F49B5F48-E860-4A71-4CED-9BA3A6E5347F} - C:\DOCUME~1\Kevin\APPLIC~1\SCRDEF~1\Testdeaf.exe (file missing)
O3 - Toolbar: (no name) - {AD74DBC2-7D96-4102-A585-3A7CA76CA9F0} - (no file)
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\onmhzdxp.exe
O4 - HKLM\..\Run: [¢?¸K0Ô@ÔÁÔ]§ú"ü?ü?iC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [¢?¸K0¨4W
}ïÁzî?igÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [Lkmcdbp] C:\Program Files\Tkoyoq\Qkdyteq.exe
O4 - HKLM\..\Run: [EjgB0ÔÁÔ]§ú"ü?ü?igÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [EjgB0Ô@ÔÁÔÁÔ]§ú"ü?üC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [EjgB0Ô*ú*Àaî?aaøY§C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [EjgB09¿Ì*ú*Àaî?aaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [¢?¸K0Ô@ÔÁÔ*ú]Mú*ÀaîC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [¢?¸K0Ô*ú]Mú*Àaî?aaøC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [¢?¸K09¿Ì*ú]Mú*Àaî?aC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [¢?¸K09¿Ì*Àaî?aaî?igC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [Á³# é"h'þ9Ó?U3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [¢?¸K0Ô@ÔÁÔ]§ú"ü?»9õC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [Á³# è"h'þ9Ó?T3rųWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [docwbyko] C:\WINDOWS\system32\yghlzgsq.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [View Vc Htm Audio] C:\Documents and Settings\All Users\Application Data\PileLiesViewVc\Bonesecond.exe
O4 - HKCU\..\Run: [BLAH GPL] C:\DOCUME~1\Kevin\APPLIC~1\SITEID~1\Comp Slow.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\TopText\wo.exe
O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm538YYFI
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {81B9C506-46D3-4667-9018-3D6575CBC046} (VacPro.finland_ver10) - http://advnt01.com/dialer/finland_ver10.CAB
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://www.advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O18 - Filter: text/html - {874735D6-675A-4B73-8B37-21C89E25AB1E} - C:\Documents and Settings\arman\Local Settings\Application Data\microsoft\internet explorer\V0.29.dat
O21 - SSODL: mtklefa - {950B3427-38AB-4AD6-6DB8-3A8C430E33D7} - C:\WINDOWS\System32\ohppy32.dll (file missing)
O23 - Service: NvCplScan - Unknown owner - C:\WINDOWS\System32\nvsc32.exe" -netsvcs (file missing)
Then Start -> Run -> services.msc. Find in the list
NvCplScan, double-click it, press Stop and set the startup type to "Disabled".
Show hidden files, instructions -> http://keskustelu.afterdawn.com/thread_view.cfm/248944
Boot into Safe Mode (F8 during startup) and delete:
C:\Program Files\==>HbTools<==
C:\DOCUME~1\Kevin\APPLIC~1\==>SCRDEF~1<==
C:\WINDOWS\System32\==>onmhzdxp.exe<==
C:\Program Files\==>ISTsvc<==
C:\WINDOWS\==>xwwxvm.exe<==
C:\WINDOWS\==>logon.exe<==
C:\Program Files\==>MessengerPlus! 3<==
C:\WINDOWS\system32\==>yghlzgsq.exe<==
C:\Program Files\==>SpySpotter3<==
C:\Documents and Settings\All Users\Application Data\==>PileLiesViewVc<==
C:\DOCUME~1\Kevin\APPLIC~1\==>SITEID~1<==
C:\PROGRA~1\==>TopText<==
C:\Program Files\==>WebSecureAlert<==
C:\Documents and Settings\arman\Local Settings\Application Data\microsoft\internet explorer\==>V0.29.dat<==
C:\WINDOWS\System32\==>nvsc32.exe<==
C:\Program Files\==>Ebates_MoeMoneyMaker<==
Reboot. Get ewido from here -> http://www.ewido.net/en/download, install it, update it and scan. Let it remove whatever it finds and save the report. Post the ewido report and a new HjT log.
This post was edited after posting. Last edit 23 November 2005 @ 12:55
Wauva
Newbie
24 November 2005 @ 02:21
Logfile of HijackThis v1.99.1
Scan saved at 7:13:02, on 24.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\HtJ\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://irc-galleria.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9E3704C5-CFA0-64DA-7920-8C91F84A8AB6} - C:\DOCUME~1\Timo\APPLIC~1\WAVESO~1\defaultheck.exe (file missing)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\fi\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Boltwaitpingfork] C:\Documents and Settings\All Users\Application Data\ReadmePeakBoltWait\upfind.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows IP Security Service] ipsecs.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\RunServices: [Windows IP Security Service] ipsecs.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STOPMANAGER] C:\Documents and Settings\Timo\Application Data\audio media vga\dent idle bias.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405...
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O16 - DPF: {96EB39C1-EE09-4720-99F3-4DD1C703D0BD} (soXmasPicOrd.soPicOrder2) - http://netanttila.softers.net/ax/522/Eiri_korttikone.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A1E5AD-A12A-4267-B1A7-7205A6B4E7D7}: NameServer = 212.50.211.55 212.50.192.227
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Host Services - Unknown owner - C:\WINDOWS\svhosts.exe (file missing)
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Anything wrong in that one?
AfterDawn Addict
24 November 2005 @ 04:47
@Wauwa: You should have posted it in your own thread, but let it pass this once. And yes, there is something wrong :)
Uninstall via Add/Remove Programs (Control Panel):
SurfAccuracy
Fix with HjT (do a system scan only, check the boxes and press fix checked):
O2 - BHO: (no name) - {9E3704C5-CFA0-64DA-7920-8C91F84A8AB6} - C:\DOCUME~1\Timo\APPLIC~1\WAVESO~1\defaultheck.exe (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Boltwaitpingfork] C:\Documents and Settings\All Users\Application Data\ReadmePeakBoltWait\upfind.exe
O4 - HKLM\..\Run: [Windows IP Security Service] ipsecs.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\RunServices: [Windows IP Security Service] ipsecs.exe
O4 - HKCU\..\Run: [STOPMANAGER] C:\Documents and Settings\Timo\Application Data\audio media vga\dent idle bias.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405...
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O23 - Service: Host Services - Unknown owner - C:\WINDOWS\svhosts.exe (file missing)
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
Then Start -> Run -> services.msc. Find in the list:
Host Services
MicroSoft Media Tools
Double-click them, press Stop and set the startup type to "Disabled".
Show hidden files, instructions -> http://keskustelu.afterdawn.com/thread_view.cfm/248944
Boot into Safe Mode (F8 during startup) and delete:
C:\DOCUME~1\Timo\APPLIC~1\==>WAVESO~1<==
C:\Documents and Settings\All Users\Application Data\==>ReadmePeakBoltWait<==
C:\Program Files\==>SurfAccuracy<==
C:\Documents and Settings\Timo\Application Data\==>audio media vga<==
C:\WINDOWS\==>svhosts.exe<==
C:\WINDOWS\==>MSmedia.exe<==
Reboot and post a new HjT log.
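An added triage helper (example code written for this thread, not part of the original posts or of HijackThis itself) that parses pasted HijackThis entries, un-fuses lines that a forum paste ran together, and flags the kinds of entries the helper singled out in the two advice posts above: orphaned "(no file)" entries, Run values with garbled names or bare/Windows-root executables, ActiveX downloads from bare IP addresses or dialer URLs, and unknown-owner services in the Windows directory. The rules are this example's own heuristics, an assumption modelled on those posts rather than a rule set from HijackThis or the helper, and a flag means "review", not "malicious".

```python
import re

# Several entries are often run together on one line when a log is pasted into a
# forum (as in this thread); FUSED_RE splits them apart before each "O16 - " etc.
FUSED_RE = re.compile(r"\s+(?=[RO]\d{1,2} - )")
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<rest>.*)$")
# O4 - HKLM\..\Run: [value name] command
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\Run\w*: \[(?P<name>.*)\] (?P<cmd>.+)$")
# O16 - DPF: {CLSID} (optional class name) - URL
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
# O23 - Service: display name - owner - path
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# An .exe sitting directly in C:\WINDOWS\ (not in System32) is unusual for a startup item.
WINROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.exe(?:\s|$)", re.I)
MISSING_MARKERS = ("(no file)", "(file missing)")


def split_entries(text: str) -> list[str]:
    """Return one HijackThis entry per element, un-fusing run-together lines."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            entries.extend(p.strip() for p in FUSED_RE.split(line.strip()))
    return entries


def first_executable(cmd: str) -> str:
    """Best-effort program path from an O4 command string (drops quotes and arguments)."""
    cmd = cmd.lstrip('"')
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx >= 0 else cmd.split(" ")[0]


def review_entry(entry: str) -> list[str]:
    """Return the reasons (possibly none) why a single entry deserves a closer look."""
    m = ENTRY_RE.match(entry)
    if not m:
        return []  # header, "Running processes" line, or other non-entry text
    section, rest = m.group("section"), m.group("rest")
    reasons = []
    if any(marker in rest for marker in MISSING_MARKERS):
        reasons.append("points at a file that no longer exists (orphaned entry)")
    if section == "O4" and (run := RUN_RE.match(rest)):
        name, exe = run.group("name"), first_executable(run.group("cmd"))
        # The ISTsvc entries in this thread have value names made of garbage bytes.
        if any(not c.isprintable() or ord(c) > 0x7E for c in name):
            reasons.append("Run value name contains non-printable or non-ASCII characters")
        if "\\" not in exe and exe.lower().endswith(".exe"):
            reasons.append("bare executable name with no path (resolved through the search path at logon)")
        elif WINROOT_EXE_RE.match(exe):
            reasons.append("executable placed directly in the Windows directory")
    elif section == "O16" and (dpf := DPF_RE.match(rest)):
        url = dpf.group("url")
        parts = url.split("/")
        host = parts[2] if len(parts) > 2 else ""
        if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
            reasons.append("ActiveX control downloaded from a bare IP address")
        if "dialer" in url.lower() or url.lower().endswith(".exe"):
            reasons.append("ActiveX download URL names a dialer or a raw .exe")
    elif section == "O23" and (svc := SVC_RE.match(rest)):
        if svc.group("owner") == "Unknown owner" and WINROOT_EXE_RE.match(svc.group("path")):
            reasons.append("unknown-owner service running from the Windows directory")
    return reasons


def review_log(text: str) -> list[tuple[str, list[str]]]:
    """Review a whole pasted log; returns (entry, reasons) for flagged entries only."""
    return [(e, r) for e in split_entries(text) if (r := review_entry(e))]


# Constructed sample: lines excerpted from the logs posted in this thread, including
# one line on which two O16 entries were fused together by the forum paste.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7F6828CA-9E42-462C-BC60-418C8144012C} - (no file)
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\onmhzdxp.exe
O4 - HKLM\..\Run: [¢?¸K0Ô@ÔÁÔ]§ú"ü?ü?iC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows IP Security Service] ipsecs.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe O16 - DPF: {81B9C506-46D3-4667-9018-3D6575CBC046} (VacPro.finland_ver10) - http://advnt01.com/dialer/finland_ver10.CAB
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

if __name__ == "__main__":
    for entry, reasons in review_log(SAMPLE_LOG):
        print(entry[:72])
        for reason in reasons:
            print("    -", reason)
```

Note that the "Cryptographic Service" entry from the first log is not caught by these rules even though the helper removed it; a randomly named file in System32 still needs a human (or a signature scan) to judge.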
Wauva
Newbie
24 November 2005 @ 06:52
Logfile of HijackThis v1.99.1
Scan saved at 11:50:32, on 24.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HtJ\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://irc-galleria.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\fi\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405...
O16 - DPF: {96EB39C1-EE09-4720-99F3-4DD1C703D0BD} (soXmasPicOrd.soPicOrder2) - http://netanttila.softers.net/ax/522/Eiri_korttikone.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A1E5AD-A12A-4267-B1A7-7205A6B4E7D7}: NameServer = 212.50.211.55 212.50.192.227
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Senior Member, 24 November 2005 @ 07:48
Still left to do:
From Add/Remove Programs:
SurfAccuracy (if it's there)
Fix:
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405
In Safe Mode (F8 while the computer is starting up):
C:\Program Files\-->SurfAccuracy<--
Boot the computer back into normal mode and post a new log here.
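One way to check that a follow-up HijackThis log no longer contains the entries a helper asked to be fixed, added here as an example (it is not part of the thread or of HijackThis itself): a small Python diff of two logs. The BEFORE/AFTER samples are a constructed subset of the lines posted in this thread. The code assumes only what the logs above show: every entry line has the form `<tag> - <body>`, the case of paths is not stable between scans, and a trailing `...` is display truncation rather than part of a URL.

```python
"""Diff two HijackThis logs and check that requested fixes took effect.

Added example for this thread; not part of HijackThis or the forum posts.
The BEFORE/AFTER samples are a constructed subset of the two logs posted
above; only the line shapes matter to the logic.
"""
import re

# Every HijackThis entry line looks like "<tag> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<tag>[RFNO]\d+) - (?P<body>.+)$")


def entry_key(line):
    """Return (tag, normalized body) for an entry line, or None for any other line.

    Bodies are lower-cased because the log does not keep a stable case for
    paths between scans, and a trailing '...' is stripped because long URLs
    are shown truncated when a log is pasted into a forum post.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = re.sub(r"\.\.\.$", "", m.group("body").lower())
    return m.group("tag"), body


def parse_hjt(log_text):
    """Return {tag: set(normalized bodies)} for all entry lines in a log."""
    entries = {}
    for line in log_text.splitlines():
        key = entry_key(line)
        if key:
            entries.setdefault(key[0], set()).add(key[1])
    return entries


def diff_hjt(before, after):
    """Return (removed, added): entries only in 'before' / only in 'after', per tag."""
    b, a = parse_hjt(before), parse_hjt(after)
    removed = {t: b[t] - a.get(t, set()) for t in b if b[t] - a.get(t, set())}
    added = {t: a[t] - b.get(t, set()) for t in a if a[t] - b.get(t, set())}
    return removed, added


def verify_fixed(after, fix_list):
    """Map each requested fix line to True if it is absent from the 'after' log."""
    a = parse_hjt(after)
    result = {}
    for line in fix_list:
        key = entry_key(line)
        if key:
            result[line] = key[1] not in a.get(key[0], set())
    return result


# Constructed sample: a subset of the first log in the thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405...
"""

# Constructed sample: a subset of the second log (SurfAccuracy and the O16 gone, one new BHO).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {356D535A-0484-4275-8A67-2285F3C5AA4E} - C:\WINDOWS\System32\dmrserver.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# The two lines the helper asked to be fixed, exactly as quoted in the post.
FIX_LIST = [
    r"O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe",
    r"O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405",
]

if __name__ == "__main__":
    removed, added = diff_hjt(BEFORE, AFTER)
    print("removed:", removed)
    print("added:", added)
    for line, ok in verify_fixed(AFTER, FIX_LIST).items():
        print("fixed" if ok else "STILL PRESENT", "-", line)
```

The `added` side is as important as the `removed` side when reading a follow-up log: here it surfaces the new `dmrserver.dll` BHO that appears in the second log, which a reader checking only for the requested fixes would miss.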

Aras88 (Member), 24 November 2005 @ 16:37
Here's the new log
Logfile of HijackThis v1.99.1
Scan saved at 21:35:44, on 24.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\BACKWE~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\YAPLOCK\YaplockTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kevin\Omat tiedostot\Hijack\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ldmwsoldbsmax.net/VVGy7vSMbsDMvaBullFRVlB2gQNmEiPaODpq...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {356D535A-0484-4275-8A67-2285F3C5AA4E} - C:\WINDOWS\System32\dmrserver.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [FLMK08KB] C:\Documents and Settings\arman\Työpöytä\MMKEYBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YaplockTray.exe] C:\PROGRA~1\YAPLOCK\YaplockTray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27dc6825b29ba76bbe05/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: FS BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
And here's the ewido report
+ Created on: 17:08:24, 24.11.2005
+ Report-Checksum: BE9EC54C
+ Scan result:
HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0AB71193-EC19-4D70-85C2-E46E2FF02755}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{40D8240A-E3A0-4D59-AC55-0443120188D1}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{420C35C9-E4F2-49F9-BF67-2BE1ECF86989}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{49C3014F-03ED-4634-9FB2-2881F2C7A057} -> Spyware.SuperBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4F9D4163-23F0-42E1-AFDA-4C1A6F8607E7} -> Spyware.SuperBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9FF56D85-DB4F-4267-B669-8D05B0BF9A04}\TypeLib\\ -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CF1E49B3-24A6-4B17-94BE-C25102E3BF04} -> Spyware.SuperBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FAC94900-96D9-47fa-BA33-7EF1BBFBBCEC}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices.1 -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx.1 -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtHostIE.Bho -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1 -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim.1 -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend.1 -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbTools.HbtCommBand -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbTools.HbtCommBand.1 -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1 -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices.1 -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI.1 -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl.1 -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtTools.HbMain -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\HbtTools.HbMain.1 -> Spyware.HotBar : Error during cleaning
HKLM\SOFTWARE\Classes\Interface\{023A4648-601A-4C30-8A2E-C72EBFA99AF6}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup

Senior Member, 24 November 2005 @ 20:58

AfterDawn Addict, 25 November 2005 @ 04:19
Hmmm, since that search bar thing didn't go away, there may be a "lop job" behind it. In addition to aaxxeell's instructions, do this:
Get findlop -> http://metallica.geekstogo.com/findlop.zip
Unzip it and double-click findlop.bat
The log will be at C:\findlop.txt; post it here.

Aras88 (Member), 25 November 2005 @ 05:05
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/24/2005 23:14:00
NextRun: 11/25/2005 11:14:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 11/25/2005
EndDate: 00/00/0000
StartTime: 03:14
MinutesDuration: 1440
MinutesInterval: 240
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
[TRACE] Activating job 'AE14984A91870C52.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\arman\applic~1\siteid~1\NewActiveDog.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'arman'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/20/2005 20:00:00
NextRun: 11/25/2005 11:00:00
StartError: 0x80070005
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/06/1996
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

AfterDawn Addict, 25 November 2005 @ 05:22
That's what I thought :)
First fix with HjT the items aaxxeell listed (that R1 line may already look different, but the "web address" on it is gibberish anyway)
Get KillBox
http://www.bleepingcomputer.com/files/spyware/KillBox.zip
Unzip it, open it and tick Delete on Reboot
Then copy the line below
C:\WINDOWS\Tasks\AE14984A91870C52.job
Then in KillBox, from the top menu, File > Paste from Clipboard
After that press Delete (the red one with a white X)
Answer yes to the prompts, and if the computer doesn't restart by itself, restart it.
Then post a new HijackThis log.
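The reply above reads the findlop dump by eye: the second job has a random-looking hex name, is hidden, runs a binary from the user's Application Data folder, and last failed to start. As an added example (not findlop's own code and not from the thread), the parser below turns that reading into repeatable checks over the same kind of dump. The sample dump is an abbreviated copy of the two jobs shown above, and the name, flag and path heuristics are my own assumptions about what deserves a second look in a scheduled-task listing, not a signature for any particular program.

```python
"""Triage a findlop-style dump of Windows Task Scheduler (.job) entries.

Added example for this thread; it is not findlop's code. The traits it
flags are the ones visible in the dump posted above: a .job whose name is
random hex, a Hidden = 1 flag, a program under a user's Application Data
folder, and a StartError other than S_OK.
"""
import re

JOB_START = re.compile(r"^\[TRACE\] Activating job '(?P<name>[^']+)'$")
PROP = re.compile(r"^\s*(?P<key>[A-Za-z]+):\s*(?P<value>.*)$")     # "Creator: 'arman'"
FLAG = re.compile(r"^\s*(?P<key>[A-Za-z]+)\s*=\s*(?P<value>\d+)$")  # "Hidden = 1"
HEX_NAME = re.compile(r"^[0-9A-Fa-f]{16}\.job$")
# Short (8.3) and long forms of <profile>\Application Data, the per-user
# writable location the flagged job runs from.
USER_DATA = re.compile(
    r"\\(docume~1|documents and settings)\\[^\\]+\\(applic~1|application data)\\", re.I)
# 0x80070005 is the HRESULT E_ACCESSDENIED.
HRESULT_NAMES = {"0x80070005": "E_ACCESSDENIED"}


def parse_jobs(dump):
    """Split the dump into one dict per job; property and flag values kept as strings."""
    jobs, cur = [], None
    for line in dump.splitlines():
        line = line.rstrip()
        m = JOB_START.match(line)
        if m:
            cur = {"name": m.group("name")}
            jobs.append(cur)
            continue
        if cur is None:
            continue
        m = FLAG.match(line)
        if m:
            cur[m.group("key")] = m.group("value")
            continue
        m = PROP.match(line)
        if m:
            cur[m.group("key")] = m.group("value").strip("'")
    return jobs


def triage(job):
    """Return the reasons a job deserves a closer look; an empty list means unremarkable."""
    reasons = []
    if HEX_NAME.match(job["name"]):
        reasons.append("random hex job name")
    if job.get("Hidden") == "1":
        reasons.append("Hidden flag set")
    if USER_DATA.search(job.get("ApplicationName", "")):
        reasons.append("runs from a user profile's Application Data folder")
    err = job.get("StartError", "S_OK")
    if err != "S_OK":
        reasons.append("last start failed: %s (%s)" % (err, HRESULT_NAMES.get(err, "unknown")))
    return reasons


def triage_all(dump):
    """Map each job name in the dump to its list of reasons."""
    return {job["name"]: triage(job) for job in parse_jobs(dump)}


# Constructed sample: an abbreviated copy of the two jobs in the dump posted above.
SAMPLE_DUMP = r"""
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'SYSTEM'
StartError: S_OK
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 0
[TRACE] Activating job 'AE14984A91870C52.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\arman\applic~1\siteid~1\NewActiveDog.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'arman'
StartError: 0x80070005
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 1
"""

if __name__ == "__main__":
    for name, reasons in triage_all(SAMPLE_DUMP).items():
        print(name, "->", "; ".join(reasons) if reasons else "nothing unusual")
```

Each check is a weak signal on its own (plenty of legitimate software schedules hidden tasks); the point of collecting them per job is that the second entry trips all four while the vendor job trips none, which is what justifies deleting that one `.job` file and nothing else.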

Aras88 (Member), 25 November 2005 @ 06:36
yeah, I did that with KillBox and restarted the computer, and here's the new HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 11:34:23, on 25.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\BACKWE~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\YAPLOCK\YaplockTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kevin\Omat tiedostot\Hijack\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [FLMK08KB] C:\Documents and Settings\arman\Työpöytä\MMKEYBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YaplockTray.exe] C:\PROGRA~1\YAPLOCK\YaplockTray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: FS BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

Zipp2 (Member), 25 November 2005 @ 06:41
Did you scan with Ewido in Safe Mode... there are errors in the log for Altnet and Hotbar.

AfterDawn Addict, 25 November 2005 @ 06:42
The log is OK. That Warez P2P Client isn't a very recommendable P2P program; it comes bundled with spyware and other junk. But if you absolutely want to use it, I won't stop you ;)

Aras88 (Member), 25 November 2005 @ 06:54
ok! thanks for the help and the advice ;)

Aras88 (Member), 25 November 2005 @ 06:58
oh, and one more thing: this computer isn't mine but a friend's, and when he tries to receive files with Messenger, his computer's firewall blocks receiving the files.
and I don't really know how to fix that? :/

AfterDawn Addict, 25 November 2005 @ 07:24
Do you mean that mp3 and exe files don't get through? A-Patch helps with that -> http://apatch.tk

Aras88 (Member), 27 November 2005 @ 07:03
I downloaded this A-Patch program, but what exactly am I supposed to do, since it has something like a "remove text box" and so on?!

AfterDawn Addict, 27 November 2005 @ 07:09
In A-Patch, select "Remove File Transfer Protection". It can also remove the ads and so on, if you want.

Aras88 (Member), 27 November 2005 @ 07:09
so yes, the mp3 files and the others do get through, but then a notice pops up saying the firewall supposedly won't let them open because there could be a virus risk?! :/
at least that's what my friend said, since this isn't my computer but my friend's and I'm trying to fix it.

AfterDawn Addict, 27 November 2005 @ 08:19
Have you tried opening them through Windows Explorer rather than through Messenger (My Documents -> My Received Files)?

Aras88 (Member), 27 November 2005 @ 14:25
yeah, I've tried, but the files don't go into the My Received Files folder; when you download mp3 music in Messenger, right when the download finishes it says ''Virus scan couldn't compelete check it from settings Tools>options>File transfer.. something like that is what it says

AfterDawn Addict, 27 November 2005 @ 14:43
So in Messenger: Tools -> Options -> File Transfer. And try unticking "Run virus check with this program".