Ads keep popping up
|
|
Themes
Suspended due to non-functional email address
|
11 October 2006 @ 11:03 |
|
Yeah, so now this thing has started acting up ... I don't know where it came from, but now all kinds of antivirus program ads keep popping up in windows, and a moment ago I also got some of XP's own privacy warnings, and apparently I should scan the whole machine or something ...
It's stuttering pretty badly .. I had a somewhat similar problem about half a year ago, and this is where I found help back then too ... and I'm no genius with these things. =)
So, the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 14:54:35, on 11.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\System32\PDesk\PDesk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\Program Files\Common Files\{F480C8E9-05CB-1035-0802-010510200166}\Update.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [qhbmyxc.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\qhbmyxc.dll,knlwjaf
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.harjunopk.fi/activex/AMC.cab
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
|
Themes
Suspended due to non-functional email address
|
11 October 2006 @ 11:07 |
|
Oh damn it. Now I'm getting those errorsave ads. Yeah, I'm about to see red....
|
AfterDawn Addict
|
11 October 2006 @ 13:56 |
|
No HjT logs or the like by private message!
|
Themes
Suspended due to non-functional email address
|
11 October 2006 @ 19:03 |
|
Well then....
Logfile of HijackThis v1.99.1
Scan saved at 23:02:30, on 11.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\System32\PDesk\PDesk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\Program Files\Common Files\{F480C8E9-05CB-1035-0802-010510200166}\Update.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack\Haitsäk.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1FCF007B-FDDB-4A85-ADBE-D7D7637B0BD9} - C:\WINNT\system32\vtutu.dll
O2 - BHO: (no name) - {562693A3-8FCE-A315-0ECF-0467D45EDF70} - C:\WINNT\system32\nmeyril.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINNT\system32\covltelb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [qhbmyxc.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\qhbmyxc.dll,knlwjaf
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.harjunopk.fi/activex/AMC.cab
O20 - Winlogon Notify: vtutu - C:\WINNT\system32\vtutu.dll
O20 - Winlogon Notify: winmbj32 - C:\WINNT\SYSTEM32\winmbj32.dll
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
|
Themes
Suspended due to non-functional email address
|
11 October 2006 @ 19:06 |
|
But this one is the same .... I'll remove that and install a new one. Or rather, I'll get a new one from the net.
|
Themes
Suspended due to non-functional email address
|
11 October 2006 @ 19:14 |
|
No, it still gives the same kind of log.
|
AfterDawn Addict
|
12 October 2006 @ 05:25 |
|
No, it isn't the same; lines like these have become visible, which was the whole point :)
O2 - BHO: (no name) - {1FCF007B-FDDB-4A85-ADBE-D7D7637B0BD9} - C:\WINNT\system32\vtutu.dll
O2 - BHO: (no name) - {562693A3-8FCE-A315-0ECF-0467D45EDF70} - C:\WINNT\system32\nmeyril.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINNT\system32\covltelb.dll
O20 - Winlogon Notify: vtutu - C:\WINNT\system32\vtutu.dll
O20 - Winlogon Notify: winmbj32 - C:\WINNT\SYSTEM32\winmbj32.dll
Download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- When the scan is finished, right-click inside the list box (the white box where the found files are listed) and choose Add more files.
- Copy and paste the following 2 lines into the two topmost boxes:
  C:\WINNT\system32\vtutu.dll
  C:\WINDOWS\system32\ututv.*
- Click Add Files and then click Close Window.
- When the scan is finished, click the Remove Vundo button.
- You will be asked whether you want to delete the files - click YES.
- Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
- When it is done, the fix will tell you it is going to restart your computer; click OK.
- Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.
Note: It is possible that VundoFix found a file that it could not remove.
In that case, VundoFix will run itself at reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.
No HjT logs or the like by private message!
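The comparison made in the post above, as an added example (not part of the original thread and not code from HijackThis): diffing two scans by entry surfaces the O2 and O20 lines that appeared, and cross-checking "(file missing)" entries against the running-process list separates real leftovers from O23 lines whose quoted path only failed the file check. The log excerpts are shortened from the logs posted in this thread; all function names are assumptions.

```python
import re

# "O2 - ...", "O23 - ...", "R0 - ...": a section code, " - ", then the detail.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
MISSING = "(file missing)"


def parse_entries(log_text):
    """Set of (section code, detail) pairs; header and process list are skipped."""
    return {m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m}


def running_processes(log_text):
    """Lower-cased paths listed under 'Running processes:'."""
    procs, in_list = set(), False
    for line in log_text.splitlines():
        if line.strip() == "Running processes:":
            in_list = True
        elif ENTRY_RE.match(line):
            in_list = False
        elif in_list and line.strip():
            procs.add(line.strip().lower())
    return procs


def sort_key(entry):
    code, detail = entry
    return (code[0], int(code[1:]), detail)


def diff_logs(before, after):
    """(appeared, disappeared) entries between two scans of the same machine."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(a - b, key=sort_key), sorted(b - a, key=sort_key)


def orphaned(log_text):
    """Entries marked '(file missing)' whose target is not a running process.

    In this thread's logs the Avast O23 lines carry a stray quote and an
    argument in the path and are reported missing while the same executable
    is in the process list, so such entries are not treated as leftovers.
    """
    procs = running_processes(log_text)
    result = []
    for code, detail in parse_entries(log_text):
        if not detail.endswith(MISSING):
            continue
        m = PATH_RE.search(detail)
        if m and m.group(0).lower() in procs:
            continue
        result.append((code, detail))
    return sorted(result, key=sort_key)


# Shortened excerpts of the first three HijackThis logs in the thread.
HEAD = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [qhbmyxc.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\qhbmyxc.dll,knlwjaf
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""
LOG_1 = HEAD
LOG_2 = HEAD + r"""O2 - BHO: (no name) - {1FCF007B-FDDB-4A85-ADBE-D7D7637B0BD9} - C:\WINNT\system32\vtutu.dll
O2 - BHO: (no name) - {562693A3-8FCE-A315-0ECF-0467D45EDF70} - C:\WINNT\system32\nmeyril.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINNT\system32\covltelb.dll
O20 - Winlogon Notify: vtutu - C:\WINNT\system32\vtutu.dll
O20 - Winlogon Notify: winmbj32 - C:\WINNT\SYSTEM32\winmbj32.dll
"""
LOG_3 = HEAD + r"""O2 - BHO: (no name) - {1F3A3976-E494-4F4A-81DE-7023CDCB722C} - C:\WINNT\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {562693A3-8FCE-A315-0ECF-0467D45EDF70} - C:\WINNT\system32\nmeyril.dll (file missing)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINNT\system32\covltelb.dll (file missing)
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O20 - Winlogon Notify: winmbj32 - C:\WINNT\SYSTEM32\winmbj32.dll
"""

if __name__ == "__main__":
    appeared, _ = diff_logs(LOG_1, LOG_2)
    for code, detail in appeared:
        print("NEW     ", code, detail)
    for code, detail in orphaned(LOG_3):
        print("LEFTOVER", code, detail)
```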
|
Themes
Suspended due to non-functional email address
|
12 October 2006 @ 20:49 |
|
Thanks .. so it is indeed.
Well, here are these then:
VundoFix V6.2.1
Checking Java version...
Sun Java not detected
Scan started at 0:30:08 13.10.2006
Listing files found while scanning....
C:\WINNT\system32\covltelb.dll
C:\WINNT\system32\nmeyril.dll
C:\WINNT\system32\yblhueng.exe
C:\WINNT\system32\vtutu.dll
C:\WINNT\system32\ututv.ini
C:\WINNT\system32\ututv.bak1
C:\WINNT\system32\ututv.bak2
Beginning removal...
Attempting to delete C:\WINNT\system32\covltelb.dll
C:\WINNT\system32\covltelb.dll Has been deleted!
Attempting to delete C:\WINNT\system32\nmeyril.dll
C:\WINNT\system32\nmeyril.dll Has been deleted!
Attempting to delete C:\WINNT\system32\yblhueng.exe
C:\WINNT\system32\yblhueng.exe Has been deleted!
Attempting to delete C:\WINNT\system32\vtutu.dll
C:\WINNT\system32\vtutu.dll Has been deleted!
Attempting to delete C:\WINNT\system32\ututv.ini
C:\WINNT\system32\ututv.ini Has been deleted!
Attempting to delete C:\WINNT\system32\ututv.bak1
C:\WINNT\system32\ututv.bak1 Has been deleted!
Attempting to delete C:\WINNT\system32\ututv.bak2
C:\WINNT\system32\ututv.bak2 Has been deleted!
Performing Repairs to the registry.
Done!
and then the other one:
Logfile of HijackThis v1.99.1
Scan saved at 0:49:10, on 13.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Common Files\{F480C8E9-05CB-1035-0802-010510200166}\Update.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1F3A3976-E494-4F4A-81DE-7023CDCB722C} - C:\WINNT\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {562693A3-8FCE-A315-0ECF-0467D45EDF70} - C:\WINNT\system32\nmeyril.dll (file missing)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINNT\system32\covltelb.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [qhbmyxc.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\qhbmyxc.dll,knlwjaf
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.harjunopk.fi/activex/AMC.cab
O20 - Winlogon Notify: winmbj32 - C:\WINNT\SYSTEM32\winmbj32.dll
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
|
AfterDawn Addict
|
13 October 2006 @ 05:21 |
|
Remove via Control Panel:
IpWins
Fix:
O2 - BHO: (no name) - {1F3A3976-E494-4F4A-81DE-7023CDCB722C} - C:\WINNT\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {562693A3-8FCE-A315-0ECF-0467D45EDF70} - C:\WINNT\system32\nmeyril.dll (file missing)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINNT\system32\covltelb.dll (file missing)
O4 - HKLM\..\Run: [qhbmyxc.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\qhbmyxc.dll,knlwjaf
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O20 - Winlogon Notify: winmbj32 - C:\WINNT\SYSTEM32\winmbj32.dll
Boot into safe mode and delete:
C:\Program Files\ipwins
C:\WINNT\system32\qhbmyxc.dll
C:\WINNT\SYSTEM32\winmbj32.dll
Restart.
1. Download the combofix.exe file to your desktop.
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click on the combofix window while it is running. This may cause the program to hang.
Post the combofix log and a new HjT log.
No HjT logs or the like by private message!
This message has been edited after posting. Last edit 13 October 2006 @ 05:22
|
Themes
Suspended due to non-functional email address
|
14 October 2006 @ 10:16 |
|
All right. That winmbj32.dll did not get deleted ===> it complained something about it being in use, or it's just blocked purely to piss me off.
Then the log:
Compaq - 06-10-14 14:07:31,43 Service Pack 2
ComboFix 06.10.08W - Running from: C:\Documents and Settings\Compaq\Ty?p?yt?
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINNT\system32\IL41_32.DLL
Granting sedebugprivilege to Järjestelmänvalvojat ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\whcc2.exe
C:\WINNT\system32\tsuninst.exe
C:\WINNT\uninstall_nmon.vbs
C:\WINNT\system32\atmtd.dll
C:\WINNT\system32\atmtd.dll._
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Inetget2
C:\Program Files\network monitor
C:\Program Files\Common Files\{3480C8E9-05CB-1035-0802-010510200166}
C:\WINNT\Q29tcGFx
C:\Program Files\Common Files\{F480C8E9-05CB-1035-0802-010510200166}
((((((((((((((((((((((((((((((( Files Created from 2006-09-14 to 2006-10-14 ))))))))))))))))))))))))))))))))))
2006-10-11 14:22 53,760 --a------ C:\WINNT\system32\drivers\vfwwdm32.dll
2006-10-11 14:22 217,728 -ra------ C:\WINNT\system32\drivers\bdacap.sys
2006-10-11 14:22 11,264 -ra------ C:\WINNT\system32\drivers\GLKbFilter.sys
2006-10-11 14:21 114,688 -r------- C:\WINNT\system32\GLAPILIB.dll
2006-10-11 14:18 9,600 --a------ C:\WINNT\system32\drivers\hidusb.sys
2006-10-11 14:18 14,848 --a------ C:\WINNT\system32\drivers\kbdhid.sys
2006-10-11 14:17 31,616 --a------ C:\WINNT\system32\drivers\usbccgp.sys
2006-10-11 12:53 40,973 ---hs---- C:\WINNT\system32\awtqrqn.dll
2006-10-11 12:53 15,872 --a------ C:\WINNT\system32\winmbj32.dll
2006-10-08 15:05 6,144 --a------ C:\WINNT\system32\ff_vfw.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-14 14:09 -------- d-a------ C:\Program Files\Common Files
2006-10-14 13:54 -------- d-------- C:\Program Files\Hijackthis
2006-10-11 14:30 -------- d-------- C:\Program Files\Steam
2006-10-11 14:22 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-11 14:20 -------- d-------- C:\Program Files\NewSoft
2006-10-11 14:20 -------- d-------- C:\Program Files\Common Files\NewSoft
2006-10-11 14:19 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-11 13:14 -------- d-------- C:\Documents and Settings\Compaq\Application Data\SearchToolbarCorp
2006-10-11 13:12 -------- d-------- C:\Program Files\VSToolbar
2006-10-10 14:41 -------- d-------- C:\Program Files\DC++
2006-10-08 15:05 -------- d-------- C:\Program Files\ffdshow
2006-10-08 13:03 -------- d-------- C:\Program Files\GameSpy Arcade
2006-10-08 12:53 -------- d-------- C:\Program Files\Football Tigers
2006-10-08 12:52 -------- d-------- C:\Program Files\Soulseek
2006-10-07 13:23 -------- d-------- C:\Documents and Settings\Compaq\Application Data\vlc
2006-09-25 18:45 666240 --a------ C:\WINNT\system32\aswBoot.exe
2006-09-25 18:40 87424 --a------ C:\WINNT\system32\drivers\aswmon2.sys
2006-09-25 18:40 85952 --a------ C:\WINNT\system32\drivers\aswmon.sys
2006-09-25 18:39 36176 --a------ C:\WINNT\system32\drivers\aswTdi.sys
2006-09-25 18:39 16352 --a------ C:\WINNT\system32\drivers\aswRdr.sys
2006-09-25 18:37 90112 --a------ C:\WINNT\system32\AVASTSS.scr
2006-09-25 18:37 24560 --a------ C:\WINNT\system32\drivers\aavmker4.sys
2006-09-16 20:29 -------- d-------- C:\Program Files\Webteh
2006-09-16 20:29 -------- d-------- C:\Program Files\BSplayer_WhenUSave_Installer
2006-09-13 08:03 1084416 --a------ C:\WINNT\system32\msxml3.dll
2006-09-06 21:55 -------- d---s---- C:\Documents and Settings\Compaq\Application Data\Microsoft
2006-08-30 17:28 -------- d-------- C:\Program Files\Axis Communications
2006-08-25 18:49 617472 --a------ C:\WINNT\system32\comctl32.dll
2006-08-21 15:26 16896 --a------ C:\WINNT\system32\fltlib.dll
2006-08-21 12:14 23040 --a------ C:\WINNT\system32\fltmc.exe
2006-08-21 12:14 128896 --------- C:\WINNT\system32\drivers\fltmgr.sys
2006-08-16 14:58 100352 --a------ C:\WINNT\system32\6to4svc.dll
2006-08-16 12:37 225664 --a------ C:\WINNT\system32\drivers\tcpip6.sys
2006-08-15 17:31 -------- d-------- C:\Program Files\Internet Explorer
2006-08-14 13:34 332928 --a------ C:\WINNT\system32\drivers\srv.sys
2006-07-27 16:26 679424 --a------ C:\WINNT\system32\inetcomm.dll
2006-07-21 11:28 72704 --a------ C:\WINNT\system32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINNT\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"Matrox Powerdesk"="C:\\WINNT\\System32\\PDesk\\PDesk.exe /Autolaunch"
"WinampAgent"="\"C:\\Program Files\\Winamp3\\winampa.exe\""
"NeroCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"CPQEASYACC"="C:\\Program Files\\COMPAQ\\Easy Access Button Support\\StartEAK.exe"
"ChangeFilterMerit"="C:\\Program Files\\NewSoft\\Presto! PVR\\ChangeFilterMerit.exe"
"Presto! PVR Monitor"="C:\\Program Files\\NewSoft\\Presto! PVR\\Monitor.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=""
"tscuninstall"=""
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=""
"tscuninstall"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbj32
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Completion time: Sat 14.10.2006 14:10:15.85
C:\ComboFix.txt ... 14.10.2006 14:10
and the other:
Logfile of HijackThis v1.99.1
Scan saved at 14:14:44, on 14.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\System32\PDesk\PDesk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.harjunopk.fi/activex/AMC.cab
O20 - Winlogon Notify: winmbj32 - C:\WINNT\SYSTEM32\winmbj32.dll
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
|
AfterDawn Addict
|
14 October 2006 @ 10:33 |
|
A little more work still:
First take a backup of the registry like this:
Run -> regedit -> OK. Then File -> Export. Type a name for it and then Save (and make a note of where you saved it).
Then save the snippet of text below as fix.reg, for example with Notepad and for example on the desktop (save as type: All Files)
Windows Registry Editor Version 5.00
[-HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
[-HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
[-HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
[-HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
Double-click it and answer Yes and OK. Restart the computer.
Get KillBox
http://www.bleepingcomputer.com/files/spyware/KillBox.zip
Extract it, open it and tick the Delete on Reboot option
Then copy the lines below in one go
C:\WINNT\system32\drivers\GLKbFilter.sys
C:\WINNT\system32\awtqrqn.dll
C:\WINNT\system32\winmbj32.dll
Then in KillBox, from the top, File > Paste from Clipboard
Select "All Files". After that press Delete (the red one with a white X)
Answer yes to the questions, and if the computer does not restart by itself, restart it.
Run combofix again
Post its log and a new HjT log.
No HjT logs etc. by private message!
|
Themes
Suspended due to non-functional email address
|
14 October 2006 @ 11:02 |
|
the steps produced the following:
Compaq - 06-10-14 14:58:31,93 Service Pack 2
ComboFix 06.10.08W - Running from: C:\Documents and Settings\Compaq\Ty?p?yt?
((((((((((((((((((((((((((((((( Files Created from 2006-09-14 to 2006-10-14 ))))))))))))))))))))))))))))))))))
2006-10-14 14:48 339 --a------ C:\fix.reg
2006-10-14 14:45 54,750,386 --a------ C:\varmuuskopio.reg
2006-10-11 14:22 53,760 --a------ C:\WINNT\system32\drivers\vfwwdm32.dll
2006-10-11 14:22 217,728 -ra------ C:\WINNT\system32\drivers\bdacap.sys
2006-10-11 14:21 114,688 -r------- C:\WINNT\system32\GLAPILIB.dll
2006-10-11 14:18 9,600 --a------ C:\WINNT\system32\drivers\hidusb.sys
2006-10-11 14:18 14,848 --a------ C:\WINNT\system32\drivers\kbdhid.sys
2006-10-11 14:17 31,616 --a------ C:\WINNT\system32\drivers\usbccgp.sys
2006-10-08 15:05 6,144 --a------ C:\WINNT\system32\ff_vfw.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-14 14:14 -------- d-------- C:\Program Files\Hijackthis
2006-10-14 14:09 -------- d-a------ C:\Program Files\Common Files
2006-10-11 14:30 -------- d-------- C:\Program Files\Steam
2006-10-11 14:22 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-11 14:20 -------- d-------- C:\Program Files\NewSoft
2006-10-11 14:20 -------- d-------- C:\Program Files\Common Files\NewSoft
2006-10-11 14:19 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-11 13:14 -------- d-------- C:\Documents and Settings\Compaq\Application Data\SearchToolbarCorp
2006-10-11 13:12 -------- d-------- C:\Program Files\VSToolbar
2006-10-10 14:41 -------- d-------- C:\Program Files\DC++
2006-10-08 15:05 -------- d-------- C:\Program Files\ffdshow
2006-10-08 13:03 -------- d-------- C:\Program Files\GameSpy Arcade
2006-10-08 12:53 -------- d-------- C:\Program Files\Football Tigers
2006-10-08 12:52 -------- d-------- C:\Program Files\Soulseek
2006-10-07 13:23 -------- d-------- C:\Documents and Settings\Compaq\Application Data\vlc
2006-09-25 18:45 666240 --a------ C:\WINNT\system32\aswBoot.exe
2006-09-25 18:40 87424 --a------ C:\WINNT\system32\drivers\aswmon2.sys
2006-09-25 18:40 85952 --a------ C:\WINNT\system32\drivers\aswmon.sys
2006-09-25 18:39 36176 --a------ C:\WINNT\system32\drivers\aswTdi.sys
2006-09-25 18:39 16352 --a------ C:\WINNT\system32\drivers\aswRdr.sys
2006-09-25 18:37 90112 --a------ C:\WINNT\system32\AVASTSS.scr
2006-09-25 18:37 24560 --a------ C:\WINNT\system32\drivers\aavmker4.sys
2006-09-16 20:29 -------- d-------- C:\Program Files\Webteh
2006-09-16 20:29 -------- d-------- C:\Program Files\BSplayer_WhenUSave_Installer
2006-09-13 08:03 1084416 --a------ C:\WINNT\system32\msxml3.dll
2006-09-06 21:55 -------- d---s---- C:\Documents and Settings\Compaq\Application Data\Microsoft
2006-08-30 17:28 -------- d-------- C:\Program Files\Axis Communications
2006-08-25 18:49 617472 --a------ C:\WINNT\system32\comctl32.dll
2006-08-21 15:26 16896 --a------ C:\WINNT\system32\fltlib.dll
2006-08-21 12:14 23040 --a------ C:\WINNT\system32\fltmc.exe
2006-08-21 12:14 128896 --------- C:\WINNT\system32\drivers\fltmgr.sys
2006-08-16 14:58 100352 --a------ C:\WINNT\system32\6to4svc.dll
2006-08-16 12:37 225664 --a------ C:\WINNT\system32\drivers\tcpip6.sys
2006-08-15 17:31 -------- d-------- C:\Program Files\Internet Explorer
2006-08-14 13:34 332928 --a------ C:\WINNT\system32\drivers\srv.sys
2006-07-27 16:26 679424 --a------ C:\WINNT\system32\inetcomm.dll
2006-07-21 11:28 72704 --a------ C:\WINNT\system32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINNT\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"Matrox Powerdesk"="C:\\WINNT\\System32\\PDesk\\PDesk.exe /Autolaunch"
"WinampAgent"="\"C:\\Program Files\\Winamp3\\winampa.exe\""
"NeroCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"CPQEASYACC"="C:\\Program Files\\COMPAQ\\Easy Access Button Support\\StartEAK.exe"
"ChangeFilterMerit"="C:\\Program Files\\NewSoft\\Presto! PVR\\ChangeFilterMerit.exe"
"Presto! PVR Monitor"="C:\\Program Files\\NewSoft\\Presto! PVR\\Monitor.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbj32
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Completion time: Sat 14.10.2006 14:59:24.04
C:\ComboFix.txt ... 14.10.2006 14:59
and
Logfile of HijackThis v1.99.1
Scan saved at 15:01:17, on 14.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Officen käynnistys.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.harjunopk.fi/activex/AMC.cab
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
|
AfterDawn Addict
|
14 October 2006 @ 11:28 |
|
Fix this one:
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
Otherwise OK
Any problems left?
No HjT logs etc. by private message!
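The check made in the reply above, as an added example that is not part of the original thread or of HijackThis: it compares two scans and separates "(file missing)" entries whose executable is listed as running in the same log (the Avast services here) from ones that point at nothing (the winmbj32 Notify entry). The sample lines are copied from the logs in this thread; the function names are hypothetical.

```python
import re

# Sample lines copied from the two HijackThis logs in this thread (subset).
RUNNING = r"""
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
"""
SCAN_11_OCT = r"""
O20 - Winlogon Notify: winmbj32 - C:\WINNT\SYSTEM32\winmbj32.dll
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""
SCAN_14_OCT = r"""
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""

ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")           # e.g. "O20 - <text>"
IMAGE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)", re.I)

def parse(log):
    """Return (section, text) for every HijackThis entry line in a log."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def entry_key(section, text):
    """Identify an entry by section plus its name (text before the first ' - ')."""
    return section, text.split(" - ")[0]

def triage_missing(log, running):
    """Label each '(file missing)' entry 'running' or 'orphan'."""
    procs = {p.strip().lower() for p in running.splitlines() if p.strip()}
    result = {}
    for section, text in parse(log):
        if text.rstrip().endswith("(file missing)"):
            m = IMAGE.search(text)
            alive = bool(m) and m.group(0).lower() in procs
            result[entry_key(section, text)] = "running" if alive else "orphan"
    return result

def changed(before, after):
    """Entries present in both scans whose text differs: key -> (old, new)."""
    old = {entry_key(s, t): t for s, t in parse(before)}
    new = {entry_key(s, t): t for s, t in parse(after)}
    return {k: (old[k], new[k]) for k in new if k in old and old[k] != new[k]}

if __name__ == "__main__":
    for key, verdict in triage_missing(SCAN_14_OCT, RUNNING).items():
        print(verdict, key)
    print(changed(SCAN_11_OCT, SCAN_14_OCT))
```
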
|
Themes
Suspended due to non-functional email address
|
14 October 2006 @ 11:31 |
|
Yep, I fixed that one line too ... hopefully it helped. At least no more ads or the like have shown up.
A BIG THANK YOU for this!
|
AfterDawn Addict
|
14 October 2006 @ 11:32 |
|
Nice to hear, and you're welcome :)
No HjT logs etc. by private message!
|
|