AfterDawn.com Mainosta sivuillamme
User Käyttäjä Salasana  
  Puuttuuko tunnus? Liity jäseneksi nyt!.
Salasana hukassa? Klikkaa tästä. 		 
  Etusivu   Uutiset   Oppaat   Ohjelmat   Sanasto   Laitevertailu   Profiilit   Keskustelu  
 Yksityisviestit     Luo uusi yksityisviesti     Kaikki uudet viestit     Ilman vastauksia olevat viestiketjut     Hae viestejä
torstai 30.1.2025 / 05:41
Hae keskustelualueilta:        In English   Suomeksi   På svenska
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > escan löysi seuraavan adware.win32
Näytä aiheet
 
Keskustelualueet
Keskustelualueet
Escan löysi seuraavan Adware.Win32
  Siirry:
 
Kirjoittaja Viesti
Spool
Suspended due to non-functional email address
_ 		19. elokuuta 2006 @ 17:12 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Tässä ois Escanin loki

File C:\Documents and Settings\All Users\Application Data\SecuROM\UserData\???????????p?????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\All Users\Application Data\SecuROM\UserData\???????????p?????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Janne\Application Data\+++\UserData\???????????p???????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Janne\Application Data\+++\UserData\???????????p??????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\hp\bin\KillWind.exe tagged as not-a-virus:RiskTool.Win32.PsKill.p. No Action Taken.
File D:\I386\Apps\APP24682\src\da\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\de\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\en\JS\LUREGWMI.EXE tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\es\JS\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\fi\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\fr\JS\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\it\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\ko\JS\LUREGWMI.EXE tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\nl\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\no\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\pt\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\sv\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\zh\cn\JS\LUREGWMI.EXE tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\zh\tw\JS\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.

Pitäskö jotain poistaa vai ??
[ + lainaa]
Jupsu
Senior Member

9 tuotearviota
_ 		19. elokuuta 2006 @ 21:46 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
[ + lainaa]
Spool
Suspended due to non-functional email address
_ 		20. elokuuta 2006 @ 06:42 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Logfile of HijackThis v1.99.1
Scan saved at 10:41:40, on 20.8.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\Documents and Settings\Sami\Omat tiedostot\Ohjelmat\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Documents and Settings\Sami\Omat tiedostot\Ohjelmat\iPod\bin\iPodService.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.huuto.net/fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Sami\Omat tiedostot\Ohjelmat\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\Sami\Työpöytä\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Deer Hunter 2005 Registration.lnk = C:\Program Files\Deer Hunter 2005\ATR1.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Client - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Documents and Settings\Sami\Omat tiedostot\Ohjelmat\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Muistin että tänne ei kait saanu pistää tota HjT lokia mutta se nyt on tossa jos joku siirtää tai jotain.


Tossa on viel toi smitfraudfixin loki

SmitFraudFix v2.81

Scan done at 12:56:58,95, su 20.08.2006
Run from C:\Documents and Settings\Sami\Ty?p?yt?\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sami\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sami\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
[ + lainaa]

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. elokuuta 2006 @ 08:59
Spool
Suspended due to non-functional email address
_ 		25. elokuuta 2006 @ 09:42 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Escanin uusin loki
File C:\Documents and Settings\All Users\Application Data\SecuROM\UserData\???????????p?????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\All Users\Application Data\SecuROM\UserData\???????????p?????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Janne\Application Data\+++\UserData\???????????p???????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Janne\Application Data\+++\UserData\???????????p??????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Sami\Työpöytä\SmitfraudFix\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Documents and Settings\Sami\Työpöytä\SmitfraudFix\SmitfraudFix.zip tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\hp\bin\KillWind.exe tagged as not-a-virus:RiskTool.Win32.PsKill.p. No Action Taken.
File D:\I386\Apps\APP24682\src\da\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\de\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\en\JS\LUREGWMI.EXE tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\es\JS\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\fi\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\fr\JS\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\it\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\ko\JS\LUREGWMI.EXE tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\nl\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\no\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\pt\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\sv\js\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\zh\cn\JS\LUREGWMI.EXE tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.
File D:\I386\Apps\APP24682\src\zh\tw\JS\LURegWMI.exe tagged as not-a-virus:AdWare.Win32.Dm.n. No Action Taken.

Logfile of HijackThis v1.99.1
Scan saved at 13:39:34, on 25.8.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Documents and Settings\Sami\Omat tiedostot\Ohjelmat\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\Documents and Settings\Sami\Omat tiedostot\Ohjelmat\iPod\bin\iPodService.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Torjuntaohjelmat\Kaspersky\mwavscan.com
C:\Torjuntaohjelmat\Kaspersky\kavss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.huuto.net/fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Sami\Omat tiedostot\Ohjelmat\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\Sami\Työpöytä\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Deer Hunter 2005 Registration.lnk = C:\Program Files\Deer Hunter 2005\ATR1.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Client - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Documents and Settings\Sami\Omat tiedostot\Ohjelmat\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Smitfraudfixin

SmitFraudFix v2.81

Scan done at 13:41:49,15, pe 25.08.2006
Run from C:\Documents and Settings\Sami\Ty?p?yt?\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sami\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sami\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Niin jos on jotain niin sanokaa.
[ + lainaa]
Jannejt
Moderator

7 tuotearviota
_ 		27. elokuuta 2006 @ 09:16 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
siirretty HjT lokin takia tänne
[ + lainaa]


Säännöt | Osto- ja myyntialueen erikoissäännöt | Rules
Mainos
_ 		__
 
_
sasesi
Junior Member
_ 		27. elokuuta 2006 @ 14:38 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Eivät ole viruksia/spywarea, mutta turhia mitkä hidastavat tietokoneen avautumista:
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Sami\Omat tiedostot\Ohjelmat\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Sinulla on vanha versio Javasta joten asennamme uuden:

Ensin poistamme vanhan version.
Paina ’’Käynnistä-valikkoa’’ Sieltä ’’Ohjauspaneeli’’ ja ’’Lisää tai poista sovellus’’.
Etsi listasta kaikki ’’J2SE Runtime Enviroment’’ alkuiset sovellukset ja poista ne.
Lataa sitten uusi versio tuosta: http://jdl.sun.com/webapps/download/AutoDL?BundleId=10695 ja asenna se. (Pidä Internet-selaimet suljettuna asennuksen aikana)
Nyt sinulla on uusin versio Javasta.

Mitään vakavaa en logistasi löydä.
[ + lainaa]
Viestiketju on suljettu. Uusien viestien lähettäminen ei ole mahdollista.
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > escan löysi seuraavan adware.win32
 

Apua ongelmiin: AfterDawnin keskustelualueet | AfterDawnin Vastaukset
Uutiset: IT-alan uutiset | Uutisia puhelimista
Musiikkia: MP3Lizard.com
Tuotearviot: Laitevertailu | Vertaa puhelimia | Vertaa kännykkäliittymiä
Pelit: Pelitiedostot, pelidemot ja trailerit
Ohjelmat: download.fi | AfterDawnin ohjelma-alueet
International: AfterDawn in English | Software downloads | Free, legal MP3s | AfterDawn på svenska
RSS -syötteet: AfterDawnin uutiset | Uusimmat ohjelmapäivitykset | Keskustelualueiden viestit
Tietoja: Tietoa AfterDawn Oy:stä | Mainosta sivuillamme | Sivuston käyttöehdot ja tietoja yksityisyydensuojasta
Ota yhteyttä: Lähetä palautetta | Ota yhteyttä mainosmyyntiimme
 
  © 1999-2025 AfterDawn Oy