IE:ssä mainostuspöpö

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

maanantai 7.7.2025 / 18:26

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > ie:ssä mainostuspöpö

Aiheet

Keskustelualueet

Aloita uusi viestiketju

IE:ssä mainostuspöpö

Siirry:

Kirjoittaja

Viesti

Lamma

Member

27. elokuuta 2006 @ 19:44

Linkki tähän viestiin

Quote:
Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Andy) (Cookie, nothing done)

Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Andy) (Cookie, nothing done)

Tuollaiset ongelmat löytää Spybot S&D. Nuo taitavat olla pelkkiä keksejä, eivät ainakaan ongelman alkujuuri. Tuollaiselle "Antiviru" softan mainossivulle IE menee yleensä aina, kun IE:n avaa. Sitä ennen tulee parit popupit (ei selain ikkunat, vaan messaget). Ongelma näyttäisi poistuvan, kun Lisäosien hallinnasta napsaisee mljge.dll-tiedoston pois päältä. Se kuitenkin menee itsekseen takaisin päälle.

Aiemmin koneella oli Toolbar888 myös, mutta sen sain poistettua, tuollainen vielä koneelle jäi. Useammatkin muille annetut poisto-ohjeet olen tuosta lukenut, mutta ei näköjään kaikki lähtenyt :-/

HjT-logi:

Logfile of HijackThis v1.99.1
Scan saved at 23:36:35, on 27.8.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\Ewido\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {163CF787-E3CF-4F60-BDA0-A83FC284E9B7} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Startup: Miranda IM.lnk = C:\Program Files\Miranda IM\miranda32.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D223C36E-14F8-4E2D-BC90-3D140DAA6D92}: NameServer = 130.230.24.10,193.166.80.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Avast\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Ewido\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

[ + lainaa]

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 27. elokuuta 2006 @ 19:45

kairis

Member

28. elokuuta 2006 @ 13:34

Linkki tähän viestiin

Vundohan sua kiusaa...

Ihan ensin Poistetaan Windows Defenderin ja Ewidon guard suojaukset pois päältä, sillä ne voivat haitata fixausta:
Avaa Windows Defender.
Klikkaa Tools ja General Settings.
Selaa alas ja ota rasti pois Turn on real-time protection (recommended)-kohdasta.
Tämän jälkeen klikkaa Save ja sulje Windows Defender.

Käynnistä Ewido ja pääikkunassa klikkaa "Realtime protection" (on vihreällä ja lukee "Active") muuttaksesi sen inactiveksi.

Poistetaan se Vundo:
Lataa VundoFix.exe
http://www.atribune.org/ccount/click.php?id=4 työpöydällesi.
[*]Tupla-klikkaa VundoFix.exe ajaaksesi sen.
[*]Klikkaa Scan for Vundo valintaa.
[*]Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
[*]Sinulta kysytään haluatko poistaa filut - klikkaa YES.
[*]Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
[*]Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
[*]Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

[ + lainaa]

~kairis~

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 28. elokuuta 2006 @ 13:41

Lamma

Member

10. syyskuuta 2006 @ 10:03

Linkki tähän viestiin

Nui... pieni tovi kyllä vierähti, mutta nyt tuo VundoFix ajettuna kai paremmalla onnella. Viimeksi meni kai jotain sitten pieleen tuon mljge.dll-filun poistossa, en varmaan suorittanut fixiä uudestaan.

Lainaus:

VundoFix V5.1.11

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.6

Scan started at 20:38:05 15.8.2006

Listing files found while scanning....

C:\windows\system32\mljge.dll
C:\windows\system32\egjlm.ini
C:\windows\system32\egjlm.bak1
C:\windows\system32\egjlm.bak2

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe was successfully stopped

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\mljge.dll
C:\windows\system32\mljge.dll Could not be deleted.

Attempting to delete C:\windows\system32\egjlm.ini
C:\windows\system32\egjlm.ini Has been deleted!

Attempting to delete C:\windows\system32\egjlm.bak1
C:\windows\system32\egjlm.bak1 Has been deleted!

Attempting to delete C:\windows\system32\egjlm.bak2
C:\windows\system32\egjlm.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.4

Checking Java version...

Java version is 1.5.0.6

Scan started at 13:47:07 10.9.2006

Listing files found while scanning....

C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\gpupibnk.exe
C:\WINDOWS\system32\lhnelvaj.exe
C:\WINDOWS\system32\lmvwjqnb.exe
C:\Program Files\Common Files\{7A729F89-0724-1035-0523-060320060166}\services.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gpupibnk.exe
C:\WINDOWS\system32\gpupibnk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lhnelvaj.exe
C:\WINDOWS\system32\lhnelvaj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lmvwjqnb.exe
C:\WINDOWS\system32\lmvwjqnb.exe Has been deleted!

Attempting to delete C:\Program Files\Common Files\{7A729F89-0724-1035-0523-060320060166}\services.dll
C:\Program Files\Common Files\{7A729F89-0724-1035-0523-060320060166}\services.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.4

Checking Java version...

Java version is 1.5.0.6

Scan started at 13:51:03 10.9.2006

Listing files found while scanning....

C:\WINDOWS\system32\mljge.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Has been deleted!

Performing Repairs to the registry.
Done!

Lainaus:
Logfile of HijackThis v1.99.1
Scan saved at 14:00:31, on 10.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\Ewido\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {67DBC31F-30FE-4987-913F-3D2AC381A95B} - C:\WINDOWS\system32\mljge.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Startup: Miranda IM.lnk = C:\Program Files\Miranda IM\miranda32.exe
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D223C36E-14F8-4E2D-BC90-3D140DAA6D92}: NameServer = 130.230.24.10,193.166.80.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Avast\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Ewido\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

[ + lainaa]

kairis

Member

10. syyskuuta 2006 @ 10:42

Linkki tähän viestiin

Moi. Hyvin toimittu, Vundo lähti...
Tehdään seuraavaksi näin:
Suosittelen vielä Ewidoa:
-> Lataa ja asenna Ewido

Käynnistä Ewido Anti-Spyware
Klikkaa Update kuvaketta ikkunan ylälaidassa
Klikkaa Start update nappia
Odota päivitysten latautumista ja asentumista
[*]Kun päivitykset on ladattu, klikkaa ""Scanner"" kuvaketta ikkunan ylälaidassa. Valitse sitten ""Settings"" välilehti.
[*]Kun ""Settings"" valikko on auennut, klikkaa ""Recommended actions"" ja sitten valitse ""Quarantine"".
[*]Sitten ""Reports"" valikon alta:
[*]Laita täppi kohtaan ""Automatically generate report after every scan""
[*]Ota täppi pois kohdasta""Only if threats were found""
[*]Sulje ohjelma, ÄLÄ skannaa vielä. "

Käynnistä koneesi vikasietotilaan, http://www.virustorjunta.net/modules.php...n+ratkaisuun#37
HUOM! Älä käytä muita ohjelmia Ewidon skannauksen aikana, tämä saattaa häiritä skannausta.
[*]Kun olet vikasietotilassa, käynnistä Ewido Anti-Spyware.
[*]Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
[*]Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

Kun skannaus on valmis: TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions" [*]Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
[*]Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions" http://img86.imageshack.us/img86/4586/scan1nx.jpg
[*]Sitten klikkaa ""Reports"" kuvaketta ohjelma yläosasta.
[*]Klikkaa ""Save report as"" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle. Sulje ohjelma."

"Sulje selaimet ja muut ohjelmat, käynnistä HijackThis, klikkaa? do a system scan only ?.
Merkkaa nämä rivit ja paina Fix checked :
O2 - BHO: (no name) - {67DBC31F-30FE-4987-913F-3D2AC381A95B} - C:\WINDOWS\system32\mljge.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O15 - Trusted Zone: http://locator.cdn.imageservr.com

[*]käynnistä kone normaalisti ja lähetä Ewidon raportti viestikejuusi uuden HjT-lokin kera.

[ + lainaa]

~kairis~

Lamma

Member

11. syyskuuta 2006 @ 20:48

Linkki tähän viestiin

Ewido sanoi näin:

Lainaus:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 0:24:43 12.9.2006

+ Scan result:

C:\VundoFix Backups\gpupibnk.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\lhnelvaj.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\lmvwjqnb.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jjmonogx.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Etracker : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.88:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
:mozilla.95:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Itrack : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Linkbuddies : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\0f4ikxf6.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).

::Report end

Hjt logi:

Lainaus:
Logfile of HijackThis v1.99.1
Scan saved at 0:40:24, on 12.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ewido\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Avast\ashWebSv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Startup: Miranda IM.lnk = C:\Program Files\Miranda IM\miranda32.exe
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D223C36E-14F8-4E2D-BC90-3D140DAA6D92}: NameServer = 130.230.24.10,193.166.80.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Avast\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Ewido\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Seuraavaksi sitten voikin alkaa ihmetellä, että miten hankiutua eroon erään PHP editorin heikosti toteutetun uninstallin jättämistä jäänteistä. (Jätti filua hiiren oikealla klikattaessa aukeavaan valikkoon merkintänsä.) Mutta se onkin sitten jo kokonaan toinen tarina :(

[ + lainaa]

Mainos

kairis

Member

12. syyskuuta 2006 @ 04:24

Linkki tähän viestiin

Moro.
Voit tyhjentää Ewidon karanteenin:

-> Avaa Ewido
-> Infections
-> Selet All
-> Remove finally
-> Kyllä
-> Sulje Ohjelma

Nyt lokisi on puhdas.

[ + lainaa]

~kairis~

Viestiketju on suljettu. Uusien viestien lähettäminen ei ole mahdollista.

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > ie:ssä mainostuspöpö


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.