HijackThis log

manix51
Newbie
1 January 2006 @ 10:53

Does anyone here still look at these? Every other trick has been tried, but the browser (ExP) still always loads the wrong home page...
Thanks in advance...
---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 15:31:16, on 1.1.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\d3cl.exe
C:\WINDOWS\system32\ipkp32.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {15441FF2-7B4A-9558-4AB1-B594DAA19E8A} - C:\WINDOWS\system32\d3wt.dll (file missing)
O2 - BHO: Class - {1801F44A-11C5-3365-9CE5-4056514DC0D7} - C:\WINDOWS\system32\atlip.dll (file missing)
O2 - BHO: Class - {39C21146-72F9-C00B-D47C-F100644447AE} - C:\WINDOWS\mskk32.dll (file missing)
O2 - BHO: Class - {3AF7AF61-E9EC-FF85-4730-D2B5711A9B30} - C:\WINDOWS\ipsf32.dll
O2 - BHO: Class - {41196237-BC88-9E50-C0A8-41D2474D43DF} - C:\WINDOWS\sysfd32.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {5C72B122-9904-E5BD-4093-348A5AD1BEF5} - C:\WINDOWS\crpb32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Class - {98BEE562-A984-68F6-3C3D-5BA8C901DC71} - C:\WINDOWS\system32\atlzb32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {AE963F47-BC89-BD0D-3AE9-19865D9B1BB7} - C:\WINDOWS\system32\ntrf.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: Class - {DE09C871-7AD6-BF98-DB2E-7655E7D848F1} - C:\WINDOWS\system32\mfchj.dll (file missing)
O2 - BHO: Class - {FCB8770E-2441-C956-E35E-C9C4850ADE15} - C:\WINDOWS\system32\iety32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [msow.exe] C:\WINDOWS\system32\msow.exe
O4 - HKLM\..\Run: [17.tmp] C:\DOCUME~1\Severi\LOCALS~1\Temp\17.tmp.exe
O4 - HKLM\..\Run: [17.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\17.tmp.exe
O4 - HKLM\..\Run: [16.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\16.tmp.exe
O4 - HKLM\..\Run: [20.tmp] C:\DOCUME~1\Severi\LOCALS~1\Temp\20.tmp.exe
O4 - HKLM\..\Run: [20.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\20.tmp.exe
O4 - HKLM\..\Run: [36.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\36.tmp.exe
O4 - HKLM\..\Run: [42.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\42.tmp.exe
O4 - HKLM\..\Run: [d3xq.exe] C:\WINDOWS\d3xq.exe
O4 - HKLM\..\Run: [javafk.exe] C:\WINDOWS\javafk.exe
O4 - HKLM\..\Run: [sdkar.exe] C:\WINDOWS\system32\sdkar.exe
O4 - HKLM\..\Run: [d3cl.exe] C:\WINDOWS\system32\d3cl.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipkp32.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

AfterDawn Addict
1 January 2006 @ 11:09

Yeah, that's a pretty nasty critter.
Make hidden files visible -> http://keskustelu.afterdawn.com/thread_view.cfm/248944
Get CWShredder here -> http://www.intermute.com/spysubtract/cwshredder_download.html
Update it, but don't use it yet.
Get AboutBuster -> http://koti.mbnet.fi/pattaya1/aboutbuster.htm , update it, but don't use it yet either.
Get Registrar Lite -> http://www.resplendence.com/reglite/ and install it to the directory C:\Program Files\RegLite\ .
Download and install Ewido -> http://www.ewido.net/en/download/
Update it, but don't use it yet.
Boot into Safe Mode (F8 during startup).
End these processes from the file manager:
C:\WINDOWS\system32\d3cl.exe (so it will probably show up as just d3cl.exe)
C:\WINDOWS\system32\ipkp32.exe (so it will probably show up as just ipkp32.exe)
Delete the following files, if found:
C:\WINDOWS\system32\zpxjv.dll
C:\WINDOWS\system32\d3wt.dll
C:\WINDOWS\system32\atlip.dll
C:\WINDOWS\mskk32.dll
C:\WINDOWS\ipsf32.dll
C:\WINDOWS\sysfd32.dll
C:\WINDOWS\crpb32.dll
C:\WINDOWS\system32\atlzb32.dll
C:\WINDOWS\system32\ntrf.dll
C:\WINDOWS\system32\mfchj.dll
C:\WINDOWS\system32\iety32.dll
C:\WINDOWS\system32\msow.exe
C:\DOCUME~1\Severi\LOCALS~1\Temp\17.tmp.exe
C:\DOCUME~1\Severi\LOCALS~1\Temp\16.tmp.exe
C:\DOCUME~1\Severi\LOCALS~1\Temp\20.tmp.exe
C:\DOCUME~1\Severi\LOCALS~1\Temp\36.tmp.exe
C:\DOCUME~1\Severi\LOCALS~1\Temp\42.tmp.exe
C:\WINDOWS\d3xq.exe
C:\WINDOWS\javafk.exe
C:\WINDOWS\system32\sdkar.exe
C:\WINDOWS\system32\d3cl.exe
C:\WINDOWS\system32\ipkp32.exe
Then close all programs and start HijackThis. Check these and click Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {15441FF2-7B4A-9558-4AB1-B594DAA19E8A} - C:\WINDOWS\system32\d3wt.dll (file missing)
O2 - BHO: Class - {1801F44A-11C5-3365-9CE5-4056514DC0D7} - C:\WINDOWS\system32\atlip.dll (file missing)
O2 - BHO: Class - {39C21146-72F9-C00B-D47C-F100644447AE} - C:\WINDOWS\mskk32.dll (file missing)
O2 - BHO: Class - {3AF7AF61-E9EC-FF85-4730-D2B5711A9B30} - C:\WINDOWS\ipsf32.dll
O2 - BHO: Class - {41196237-BC88-9E50-C0A8-41D2474D43DF} - C:\WINDOWS\sysfd32.dll (file missing)
O2 - BHO: Class - {5C72B122-9904-E5BD-4093-348A5AD1BEF5} - C:\WINDOWS\crpb32.dll (file missing)
O2 - BHO: Class - {98BEE562-A984-68F6-3C3D-5BA8C901DC71} - C:\WINDOWS\system32\atlzb32.dll (file missing)
O2 - BHO: Class - {AE963F47-BC89-BD0D-3AE9-19865D9B1BB7} - C:\WINDOWS\system32\ntrf.dll (file missing)
O4 - HKLM\..\Run: [msow.exe] C:\WINDOWS\system32\msow.exe
O4 - HKLM\..\Run: [17.tmp] C:\DOCUME~1\Severi\LOCALS~1\Temp\17.tmp.exe
O4 - HKLM\..\Run: [17.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\17.tmp.exe
O4 - HKLM\..\Run: [16.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\16.tmp.exe
O4 - HKLM\..\Run: [20.tmp] C:\DOCUME~1\Severi\LOCALS~1\Temp\20.tmp.exe
O4 - HKLM\..\Run: [20.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\20.tmp.exe
O4 - HKLM\..\Run: [36.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\36.tmp.exe
O4 - HKLM\..\Run: [42.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\42.tmp.exe
O4 - HKLM\..\Run: [d3xq.exe] C:\WINDOWS\d3xq.exe
O4 - HKLM\..\Run: [javafk.exe] C:\WINDOWS\javafk.exe
O4 - HKLM\..\Run: [sdkar.exe] C:\WINDOWS\system32\sdkar.exe
O4 - HKLM\..\Run: [d3cl.exe] C:\WINDOWS\system32\d3cl.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipkp32.exe
Then Start -> Run -> services.msc -> OK
Find Workstation NetLogon Service in the list, double-click it, press Stop and set the startup type to "Disabled".
CLOSE ALL WINDOWS except CWShredder
Run the program by pressing Fix and let it fix everything it finds.
Scan with AboutBuster twice and save the log.
Scan with Ewido and let it remove whatever it finds. Save the log and post it here.
Boot the computer normally.
Post the HijackThis, AboutBuster and Ewido logs.
This message has been edited after posting. Latest edit 1 January 2006 @ 11:13
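
A triage sketch for the kind of log posted above, added here as an example; it is not part of any forum post and not HijackThis's own code. It parses the R0/R1, O2 and O4 line formats and flags entries using three heuristics assumed for illustration (they are not the helper's stated criteria); the sample lines are copied from the first log in this thread.

```python
import re

# Lines copied from the first HijackThis log in this thread (a subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {15441FF2-7B4A-9558-4AB1-B594DAA19E8A} - C:\WINDOWS\system32\d3wt.dll (file missing)
O2 - BHO: Class - {3AF7AF61-E9EC-FF85-4730-D2B5711A9B30} - C:\WINDOWS\ipsf32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [17.tmp] C:\DOCUME~1\Severi\LOCALS~1\Temp\17.tmp.exe
O4 - HKLM\..\Run: [d3xq.exe] C:\WINDOWS\d3xq.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
"""

ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# Anchoring on the {CLSID} keeps paths that contain " - " (Spybot) intact.
BHO = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# A file sitting directly in C:\WINDOWS or C:\WINDOWS\system32.
IN_WINDIR = re.compile(r"^C:\\WINDOWS\\(system32\\)?[^\\]+$", re.I)
MISSING = " (file missing)"


def check_entry(sec, body):
    """Return a reason string if the entry matches a heuristic, else None.

    The heuristics are assumptions made for this example, not a verdict.
    """
    if sec in ("R0", "R1") and " = " in body:
        value = body.split(" = ", 1)[1]
        m = re.match(r"res://(.+?\.dll)/", value, re.I)
        if m and IN_WINDIR.match(m.group(1)):
            return "IE page setting served from a DLL in the Windows directory"
    elif sec == "O2":
        m = BHO.match(body)
        if m:
            path = m.group("path")
            missing = path.endswith(MISSING)
            if missing:
                path = path[: -len(MISSING)]
            if IN_WINDIR.match(path):
                reason = "BHO DLL directly in the Windows directory"
                return reason + (", file missing" if missing else "")
    elif sec == "O4":
        m = RUN.match(body)
        if m:
            cmd = m.group("cmd")
            exe = re.search(r'([^\\"]+\.exe)', cmd, re.I)
            if "\\temp\\" in cmd.lower():
                return "autorun target in a Temp directory"
            if exe and exe.group(1).lower() == m.group("name").lower():
                return "autorun value named after its own executable"
    return None


def triage(log_text):
    """Return (section, reason, entry) for every line a heuristic matches."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            reason = check_entry(m.group("sec"), m.group("body"))
            if reason:
                findings.append((m.group("sec"), reason, m.group("body")))
    return findings


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print(f"{sec}: {reason}\n    {body}")
```

A match is only a prompt to look at the file and its origin; legitimate software can also install a BHO into system32, so the output is a shortlist for review, not a removal list.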

manix51
Newbie
1 January 2006 @ 12:52

Logfile of HijackThis v1.99.1
Scan saved at 17:34:49, on 1.1.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 17:31:31, 1.1.2006
+ Report-Checksum: 7955248B
+ Scan result:
C:\Documents and Settings\Severi\Cookies\severi@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
::Report End
Here they are... AboutBuster didn't run to completion; it complained about a corrupted file.. comcti32.ocx.
At least the browser works and the machine is otherwise OK..

AfterDawn Addict
1 January 2006 @ 13:02

The HjT log is OK. I'm just wondering why ZoneAlarm and AntiVir aren't running?
Or was that HjT log taken in Safe Mode? You did restart the computer before taking the log, didn't you? If not, post a new HjT log.
And then off to Windows Update, like, already :)

winxp
Junior Member
1 January 2006 @ 13:06

Hi
Is the file really named comcti32.ocx, or could it be comctl32.ocx after all?
Take a look in the folder where you installed AboutBuster; you should find the file Read Me.rtf there, so read it carefully. Among other things it contains the following:
Quote: Error Code 339 Missing comctl32.ocx
Solution: Download http://www.malwarebytes.org/libraries/COMCTL32.OCX
Copy it into your system folder
Windows ME, 98, 95 C:\Windows\System
Windows XP, 2K C:\Windows\System32
Windows NT C:\WinNt\System32
Register it by going to Start | Run | Typing in
Windows ME, 98, 95 regsvr32 \windows\system\comctl32.ocx
Windows XP regsvr32 \windows\system32\comctl32.ocx
Windows NT, 2K regsvr32 \winnt\system32\comctl32.ocx
You should get a dialog saying library registered.
PS. IMPORTANT! Get your machine's updates in order once it has been cleaned of these "critters".

winxp
Junior Member
1 January 2006 @ 13:07

Quote: And then off to Windows Update, like, already :)
You already got to say that ;)

manix51
Newbie
1 January 2006 @ 13:45

Thanks ...
Yeah, I did indeed run the HjT log in Safe Mode.. but apparently it doesn't matter..
The .ocx is probably comctl32.ocx :-)) I'll check it..
Anyway, the machine works now...

pclekuri
Member
1 January 2006 @ 13:54

manix, you apparently don't have any SP "crap packs" at all? :) For goodness' sake install at least one.. I could be wrong though, I looked and didn't see any in that log.. or then I'm blind.. :P

spertti
Senior Member
1 January 2006 @ 13:58

@pclekuri....
-kemisti- and winxp only just got to mention that, but now at the latest the point has got across =)
Maybe I'll add mine too. @manix51 Go to Windows Update right now!

AfterDawn Addict
1 January 2006 @ 14:00

@manix51: Then also send a HjT log taken in normal mode.