|
Hjt Logi
|
|
Junior Member
|
7. helmikuuta 2007 @ 14:53 |
Linkki tähän viestiin
|
Terve.
Tässä olisi HjT logi jollekkin reippaalle nerolle(esim kemisti=))
Logfile of HijackThis v1.99.1
Scan saved at 19:49:51, on 7.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\jean-eric sandelin\Työpöytä\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\isc_ui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?5962f2948f6f4ce69c3df56c77e67859
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?5962f2948f6f4ce69c3df56c77e67859
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DB12353-3013-4701-9815-645DB5F1BB35}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A6B65AE-A7DD-4B5B-B8A9-BEC33309FD61}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{8999F8E8-E288-4A7E-A5F1-1C0153EC5767}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C0815C-9B5D-43BB-9582-9EEBBD6E4AAF}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD4C8831-F95E-454B-BAE8-B9F02BC6EB90}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.120 85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.120 85.255.112.235
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
|
|
Hujo
Suspended permanently
|
7. helmikuuta 2007 @ 15:04 |
Linkki tähän viestiin
|
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 7. helmikuuta 2007 @ 15:06
|
Junior Member
|
7. helmikuuta 2007 @ 15:16 |
Linkki tähän viestiin
|
Kiitos nopeasta vastauksesta.Tässä nämä logit:
Fixwareout
Last edited 1/30/2007
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
C:\WINDOWS\System32\kdkmy.exe will be moved to C:\WINDOWS\temp\kdkmy.ren at reboot.
»»»»» System restarted
Reg Entries that were deleted
...
Random Runs removed from HKLM
...
"C:\Documents and Settings\jean-eric \Application Data\Install.dat" Deleted
»»»»» Misc files.
»»»»» Checking for older varients.
»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»
PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Search five digit cs, dm kd and jb files.
»»»»»
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Personal Security Center Monitor"="C:\\WINDOWS\\system32\\isc_ui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
Hosts file was reset, If you use a custom hosts file please replace it
Logfile of HijackThis v1.99.1
Scan saved at 20:11:01, on 7.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jean-eric sandelin\Työpöytä\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\isc_ui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?5962f2948f6f4ce69c3df56c77e67859
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?5962f2948f6f4ce69c3df56c77e67859
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DB12353-3013-4701-9815-645DB5F1BB35}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A6B65AE-A7DD-4B5B-B8A9-BEC33309FD61}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{8999F8E8-E288-4A7E-A5F1-1C0153EC5767}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C0815C-9B5D-43BB-9582-9EEBBD6E4AAF}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD4C8831-F95E-454B-BAE8-B9F02BC6EB90}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.120 85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.120 85.255.112.235
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
|
|
Hujo
Suspended permanently
|
7. helmikuuta 2007 @ 15:21 |
Linkki tähän viestiin
|
|
scannaa hjt:llä merkkaa paina Fix checked
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DB12353-3013-4701-9815-645DB5F1BB35}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A6B65AE-A7DD-4B5B-B8A9-BEC33309FD61}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{8999F8E8-E288-4A7E-A5F1-1C0153EC5767}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C0815C-9B5D-43BB-9582-9EEBBD6E4AAF}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD4C8831-F95E-454B-BAE8-B9F02BC6EB90}: NameServer = 85.255.116.120,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.120 85.255.112.235
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.120 85.255.112.235
aja fixwareout uudestaan
Voiko tietsikka koskaan toimia?
|
Junior Member
|
7. helmikuuta 2007 @ 15:31 |
Linkki tähän viestiin
|
|
Tässä tuo uusi logi.Voitko suositella jotain hyvää palomuuria?
Fixwareout
Last edited 1/30/2007
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
»»»»» System restarted
Reg Entries that were deleted
...
Random Runs removed from HKLM
...
»»»»» Misc files.
»»»»» Checking for older varients.
»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»
PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Search five digit cs, dm kd and jb files.
»»»»»
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Personal Security Center Monitor"="C:\\WINDOWS\\system32\\isc_ui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
Hosts file was reset, If you use a custom hosts file please replace it
|
|
Hujo
Suspended permanently
|
7. helmikuuta 2007 @ 15:43 |
Linkki tähän viestiin
|
Voiko tietsikka koskaan toimia?
|
Junior Member
|
7. helmikuuta 2007 @ 15:47 |
Linkki tähän viestiin
|
Tuossa toi HjT logi ja paljon kiitoksia sinulle.
Logfile of HijackThis v1.99.1
Scan saved at 20:46:13, on 7.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jean-eric \Työpöytä\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\isc_ui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?5962f2948f6f4ce69c3df56c77e67859
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?5962f2948f6f4ce69c3df56c77e67859
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
|
Junior Member
|
7. helmikuuta 2007 @ 15:51 |
Linkki tähän viestiin
|
|
Yritin laitta tuota comodo muuria mutta tulee joku varoitus että se ei ole kelvollinen win32 sovellus????
|
|
Hujo
Suspended permanently
|
7. helmikuuta 2007 @ 15:55 |
Linkki tähän viestiin
|
Scannaa hjt:llä merkkaa paina Fix checked
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
käynnistä > suorita kirjoita alla olevat ja jokaisen rivin jälkeen paina ok
sc stop NipSvc
sc delete NipSvc
aja vikasiedossa
Ohje AVG Anti-Spyware 7.5:n käyttöön
Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis työkalun toimintaa.
Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta
Lataa AVG Anti-Spyware 7.5 http://www.ewido.net/en/download/
ja tallenna ohjelma työpöydällesi.
? Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
? Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
? Käynnistä AVG Anti-Spyware.
? Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.
? Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
? Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
? Sitten "Reports" valikon alta:
o Laita täppi kohtaan "Automatically generate report after every scan"
o Ota täppi pois kohdasta"Only if threats were found"
? Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
? "Resident shield is", muuta tila active:sta inactive:ksi
? Sulje ohjelma, ÄLÄ skannaa vielä.
Käynnistä koneesi vikasietotilaan,
sammuta ja käynnistä
käynnistyksen yhteydessä naputtele F8
valitse nuoli näppäimellä vikasietotila
paina enter ja enter
HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
? Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
? Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
? Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.
Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
? Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
? Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
? Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
? Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
? Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.
ja normaalissa tilassa escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe
päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg
scannaa
jos ala luukkuun tulee jotain niin kopioi se näin:
Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.
Laita virus log tänne.
Pistä vaikka tuo zone arlam
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 7. helmikuuta 2007 @ 15:57
|
Junior Member
|
7. helmikuuta 2007 @ 16:09 |
Linkki tähän viestiin
|
|
Tuo ei lähde hjt:ellä
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
|
Junior Member
|
7. helmikuuta 2007 @ 16:13 |
Linkki tähän viestiin
|
|
Nyt lähti.Ja sitten yksi tyhmä kysymys.Miten ajan vikasiedossa ja kiitos että jaksat auttaa.
|
|
Hujo
Suspended permanently
|
7. helmikuuta 2007 @ 18:54 |
Linkki tähän viestiin
|
sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjä tilisi ja taas pikkunen ikkuna paina ok
sitten AVG siellä
Voiko tietsikka koskaan toimia?
|
Junior Member
|
11. helmikuuta 2007 @ 19:10 |
Linkki tähän viestiin
|
Terve.
En ajanut vikasietotilassa koska en tiennyt mikä niistä neljästä vaihtoehdoistaolisi pitänut valita(ei lukenut suomeksi taikka englanniks mitään vikasieto tilasta kun painoin f8:sia??Avira antiviriä en myöskään pystynyt päivittää....
Tässä uusimmat logit:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 23:11:59 11.2.2007
+ Scan result:
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP63\A0043200.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP63\A0043272.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP64\A0043280.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP64\A0043292.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP64\A0043315.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0043416.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0043427.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0043451.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0043470.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0043488.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0043500.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0043515.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0044585.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0044599.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0044639.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0044655.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0044695.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0044710.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0044724.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP65\A0044794.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP66\A0044930.cpl -> Adware.SecurityCenter : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP66\A0045028.exe -> Adware.Spysheriff : Cleaned.
C:\System Volume Information\_restore{496B14EF-CFF9-4D26-A20D-7426234FC459}\RP66\A0045246.exe -> Downloader.Zlob.aty : Cleaned.
C:\WINDOWS\Temp\kdkmy.ren -> Downloader.Zlob.aty : Cleaned.
:mozilla.158:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.160:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.162:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.130:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.131:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.138:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.139:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.83:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.32:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.33:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.67:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.68:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.69:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.70:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.71:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.72:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.73:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.74:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.75:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.76:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.77:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.78:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.80:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.81:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.82:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.22:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.24:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.25:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.26:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.27:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.28:C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\fmtn0b5f.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2A32.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld33A8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3534.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld365.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3A61.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3C72.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld409D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld44DF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld45F9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld464D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4FA1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5039.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5397.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5608.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6151.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld672A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld695E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6BCD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7217.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld78DF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7A16.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld85EE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld8880.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld90B9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld935B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld9415.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld9458.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld953D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld959D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld95CA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld96F3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld99F4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldA4EF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldA56A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldA56B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldA616.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldA6B5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldA77F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldA829.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldAB35.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldAB7A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldAE53.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldB17.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldB6C1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldB73E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldB8D6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldBD0D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldBE35.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldC7F9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldC895.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldCCCC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldCE64.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldD8E8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldDD7.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldE0CD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldE200.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldE653.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldE6F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldE9F1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldF3D4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldF7B9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldFC13.tmp -> Trojan.Small : Cleaned.
::Report end
Fixwareout
Last edited 1/30/2007
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
»»»»» System restarted
Reg Entries that were deleted
...
Random Runs removed from HKLM
...
»»»»» Misc files.
»»»»» Checking for older varients.
»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»
PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Search five digit cs, dm kd and jb files.
»»»»»
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Personal Security Center Monitor"="C:\\WINDOWS\\system32\\isc_ui.exe"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
Hosts file was reset, If you use a custom hosts file please replace it
Logfile of HijackThis v1.99.1
Scan saved at 23:14:59, on 11.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\jean\Työpöytä\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\isc_ui.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?5962f2948f6f4ce69c3df56c77e67859
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?5962f2948f6f4ce69c3df56c77e67859
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
AntiVir PersonalEdition Classic
Report file date: 11. helmikuuta 2007 23:35
Scanning for 569934 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: jean-eric sandelin
Computer name: YOUR-1F9C2ABAF5
Version information:
BUILD.DAT : 217 12749 Bytes 5.12.2006 17:00:00
AVSCAN.EXE : 7.0.3.2 208936 Bytes 5.12.2006 14:30:07
AVSCAN.DLL : 7.0.3.1 35880 Bytes 5.12.2006 15:00:22
LUKE.DLL : 7.0.3.2 143400 Bytes 31.10.2006 15:07:46
LUKERES.DLL : 7.0.2.0 9256 Bytes 5.12.2006 15:00:22
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31.5.2006 14:30:06
ANTIVIR1.VDF : 6.36.1.24 2212864 Bytes 14.11.2006 08:12:08
ANTIVIR2.VDF : 6.36.1.113 221696 Bytes 1.12.2006 08:12:12
ANTIVIR3.VDF : 6.37.0.3 6144 Bytes 1.12.2006 08:12:14
AVEWIN32.DLL : 7.3.0.15 1982976 Bytes 4.12.2006 16:18:38
AVPREF.DLL : 7.0.2.0 23592 Bytes 3.11.2006 09:53:44
AVREP.DLL : 6.37.0.3 983080 Bytes 1.12.2006 08:05:52
AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30.3.2006 07:43:31
AVPACK32.DLL : 7.2.0.5 368680 Bytes 23.10.2006 14:21:31
AVREG.DLL : 7.0.1.1 30760 Bytes 23.10.2006 09:52:27
NETNT.DLL : No Information!
RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 8.11.2006 11:26:26
RCTEXT.DLL : 7.0.12.1 77864 Bytes 5.12.2006 15:00:21
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Expanded search settings.........: 0x00007000
Start of the scan: 11. helmikuuta 2007 23:35
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'update.exe' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'avgnt.exe' - '1' Modules have been scanned
Scan process 'sched.exe' - '1' Modules have been scanned
Scan process 'firefox.exe' - '1' Modules have been scanned
Scan process 'ctfmon.exe' - '1' Modules have been scanned
Scan process 'avgas.exe' - '1' Modules have been scanned
Scan process 'cpf.exe' - '0' Modules have been scanned
Scan process 'jusched.exe' - '1' Modules have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Modules have been scanned
Scan process 'wscntfy.exe' - '1' Modules have been scanned
Scan process 'alg.exe' - '1' Modules have been scanned
Scan process 'explorer.exe' - '1' Modules have been scanned
Scan process 'wdfmgr.exe' - '1' Modules have been scanned
Scan process 'nvsvc32.exe' - '1' Modules have been scanned
Scan process 'cmdagent.exe' - '0' Modules have been scanned
Scan process 'guard.exe' - '0' Modules have been scanned
Scan process 'spoolsv.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'lsass.exe' - '1' Modules have been scanned
Scan process 'services.exe' - '1' Modules have been scanned
Scan process 'winlogon.exe' - '1' Modules have been scanned
Scan process 'csrss.exe' - '1' Modules have been scanned
Scan process 'smss.exe' - '1' Modules have been scanned
26 processes with 26 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[NOTE] In the drive 'J:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( 17 files ).
Starting the file scan:
Begin scan in 'C:\' <430605>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <C:\>
The path F:\ could not be found!
Laite ei ole valmiina.
Begin scan in 'G:\' <F:\>
The path G:\ could not be found!
Laite ei ole valmiina.
Begin scan in 'H:\' <G:\>
The path H:\ could not be found!
Laite ei ole valmiina.
Begin scan in 'I:\' <H:\>
The path I:\ could not be found!
Laite ei ole valmiina.
Begin scan in 'J:\' <I:\>
The path J:\ could not be found!
Laite ei ole valmiina.
Begin scan in 'D:\' <J:\>
The path D:\ could not be found!
Laite ei ole valmiina.
Begin scan in 'E:\' <D:\>
The path E:\ could not be found!
Laite ei ole valmiina.
End of the scan: 11. helmikuuta 2007 23:53
Used time: 17:19 min
The scan has been done completely.
2751 Scanning directories
196711 Files were scanned
0 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
196711 Files not concerned
6890 Archives were scanned
2 Warnings
50 Notes
|
|
Mainos
|
|
|
|
Hujo
Suspended permanently
|
11. helmikuuta 2007 @ 21:25 |
Linkki tähän viestiin
|
tuolla katotaan vielä
Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:
Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.
Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.
Voiko tietsikka koskaan toimia?
|
