Constantly reports viruses and malware, and the computer is slow
|
|
e212
Junior Member
|
21 March 2007 @ 17:48 |
Link to this post
|
Logfile of HijackThis v1.99.1
Scan saved at 22:04:04, on 21.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
H:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\taskmgr.exe
H:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Omistaja\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1E5ABCC0-621C-454C-983A-5891AFC47D4B} - C:\WINDOWS\system32\gebcb.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BB886F93-FA84-4B1B-9B1A-86D8F34E230c} - C:\WINDOWS\system32\umvqfhtd.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\cbxusqp.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - (no file)
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\rytdhlje.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://H:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B70BF7-09B8-4057-BE26-286944B1293E}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxusqp - C:\WINDOWS\SYSTEM32\cbxusqp.dll
O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: F-Secure Network Request Broker - Unknown owner - C:\Program Files\F-Secure\Common\FNRB32.EXE (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - H:\Program Files\Sygate\SPF\smc.exe
|
Auttaja
Suspended permanently
|
22 March 2007 @ 03:06 |
Link to this post
|
Download VundoFix.exe to your desktop.
*Double-click VundoFix.exe to run it.
*Click the Scan for Vundo button.
*When the scan is complete, click the Remove Vundo button.
*You will be asked whether you want to remove the files - click YES.
*Once you have clicked Yes, your desktop will go blank as it starts removing Vundo.
*When it is done, the fix will tell you that it is going to restart your computer; click OK.
*Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.
Note: It is possible that VundoFix found a file that it could not remove.
In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button", when VundoFix appears after the restart.
*************
1) Download http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
2) Save VirtumundoBeGone.exe to your desktop.
3) Run VirtumundoBeGone.exe and follow the instructions. Don't worry if you see a blue screen with a "Fatal Error" message; this is normal.
4) When the tool has finished, restart the computer.
It creates a log named VBG.TXT on your desktop; copy and paste its contents into your reply.
**********
a new HijackThis log
|
e212
Junior Member
|
22 March 2007 @ 15:16 |
Link to this post
|
VundoFix V6.3.17
Checking Java version...
Sun Java not detected
Scan started at 20:03:35 22.3.2007
Listing files found while scanning....
C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.tmp
C:\WINDOWS\system32\cbxusqp.dll
C:\WINDOWS\system32\ffcwmefh.exe
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\hlhjonyi.dll
C:\WINDOWS\system32\hmrhuyno.exe
C:\WINDOWS\system32\jjrxrdgl.exe
C:\WINDOWS\system32\jmeiaxhf.dll
C:\WINDOWS\system32\kflhulrc.dll
C:\WINDOWS\system32\mibgixlh.exe
C:\WINDOWS\system32\obqgsydf.dll
C:\WINDOWS\system32\oivodptb.exe
C:\WINDOWS\system32\oyrcmurq.exe
C:\WINDOWS\system32\uasofmfc.dll
C:\WINDOWS\system32\ywutbfme.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bcbeg.tmp
C:\WINDOWS\system32\bcbeg.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxusqp.dll
C:\WINDOWS\system32\cbxusqp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ffcwmefh.exe
C:\WINDOWS\system32\ffcwmefh.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hlhjonyi.dll
C:\WINDOWS\system32\hlhjonyi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hmrhuyno.exe
C:\WINDOWS\system32\hmrhuyno.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjrxrdgl.exe
C:\WINDOWS\system32\jjrxrdgl.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\jmeiaxhf.dll
C:\WINDOWS\system32\jmeiaxhf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kflhulrc.dll
C:\WINDOWS\system32\kflhulrc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mibgixlh.exe
C:\WINDOWS\system32\mibgixlh.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\obqgsydf.dll
C:\WINDOWS\system32\obqgsydf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\oivodptb.exe
C:\WINDOWS\system32\oivodptb.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\oyrcmurq.exe
C:\WINDOWS\system32\oyrcmurq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\uasofmfc.dll
C:\WINDOWS\system32\uasofmfc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ywutbfme.dll
C:\WINDOWS\system32\ywutbfme.dll Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 22:04:04, on 21.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
H:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\taskmgr.exe
H:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Omistaja\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1E5ABCC0-621C-454C-983A-5891AFC47D4B} - C:\WINDOWS\system32\gebcb.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BB886F93-FA84-4B1B-9B1A-86D8F34E230c} - C:\WINDOWS\system32\umvqfhtd.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\cbxusqp.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - (no file)
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\rytdhlje.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://H:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B70BF7-09B8-4057-BE26-286944B1293E}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxusqp - C:\WINDOWS\SYSTEM32\cbxusqp.dll
O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: F-Secure Network Request Broker - Unknown owner - C:\Program Files\F-Secure\Common\FNRB32.EXE (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - H:\Program Files\Sygate\SPF\smc.exe
[03/22/2007, 20:12:44] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Omistaja\Työpöytä\VirtumundoBeGone.exe" )
[03/22/2007, 20:12:50] - Detected System Information:
[03/22/2007, 20:12:50] - Windows Version: 5.1.2600, Service Pack 2
[03/22/2007, 20:12:50] - Current Username: Omistaja (Admin)
[03/22/2007, 20:12:50] - Windows is in NORMAL mode.
[03/22/2007, 20:12:50] - Searching for Browser Helper Objects:
[03/22/2007, 20:12:50] - BHO 1: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} (GamesBar)
[03/22/2007, 20:12:51] - BHO 2: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[03/22/2007, 20:12:51] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/22/2007, 20:12:51] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/22/2007, 20:12:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/22/2007, 20:12:51] - No filename found. Continuing.
[03/22/2007, 20:12:51] - BHO 5: {979808D8-146F-41D6-9E03-9420CE062256} ()
[03/22/2007, 20:12:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/22/2007, 20:12:51] - Checking for HKLM\...\Winlogon\Notify\gebcb
[03/22/2007, 20:12:51] - Key not found: HKLM\...\Winlogon\Notify\gebcb, continuing.
[03/22/2007, 20:12:51] - BHO 6: {BB886F93-FA84-4B1B-9B1A-86D8F34E230c} ()
[03/22/2007, 20:12:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/22/2007, 20:12:51] - Checking for HKLM\...\Winlogon\Notify\umvqfhtd
[03/22/2007, 20:12:51] - Key not found: HKLM\...\Winlogon\Notify\umvqfhtd, continuing.
[03/22/2007, 20:12:51] - Finished Searching Browser Helper Objects
[03/22/2007, 20:12:51] - Finishing up...
[03/22/2007, 20:12:51] - Nothing found! Exiting...
|
Hujo
Suspended permanently
|
22 March 2007 @ 15:51 |
Link to this post
|
Uninstall using Add or Remove Programs:
GamesBar
Scan with HJT, tick the following and press Fix checked:
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O23 - Service: F-Secure Network Request Broker - Unknown owner - C:\Program Files\F-Secure\Common\FNRB32.EXE (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing)
===========
Copy and paste the text below into an empty Notepad file.
Make sure the file type is "All Files" and save it as Poisto.bat
on your desktop.
@echo off
sc stop "F-Secure Network Request Broker"
sc delete "F-Secure Network Request Broker"
sc stop FSMA
sc delete FSMA
Double-click the Poisto.bat file on your desktop; a window will open and close, this is normal.
===============
1. Download the combofix.exe file http://www.techsupportforum.com/sectools/Deckard/comboscan.exe
to your desktop.
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
==========
Boot into Safe Mode
Delete the folder
C:\Program Files\GamesBar
============
Post the logs
Can a computer ever work?
This post has been edited since it was posted. Last edited 22 March 2007 @ 16:01
|
Auttaja
Suspended permanently
|
22 March 2007 @ 16:04 |
Link to this post
|
Open HijackThis, tick the following line(s) and press Fix checked; close other programs while you do this.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1E5ABCC0-621C-454C-983A-5891AFC47D4B} - C:\WINDOWS\system32\gebcb.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BB886F93-FA84-4B1B-9B1A-86D8F34E230c} - C:\WINDOWS\system32\umvqfhtd.dll
Unknown
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\cbxusqp.dll
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\rytdhlje.dll",setvm
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O20 - Winlogon Notify: cbxusqp - C:\WINDOWS\SYSTEM32\cbxusqp.dll
O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. (C:\ComboFix.txt) Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
Post a new HijackThis log
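
Added example, not part of any post in this thread: Python that parses HijackThis O2, O4 and O20 lines and reports system32 DLLs loaded by an unnamed BHO, a Winlogon Notify key or a rundll32 Run value, pairing unnamed BHOs with Winlogon Notify entries the way the VirtumundoBeGone log above checks for them. The function names are this example's own, and the sample consists of lines copied from the first HijackThis log in the thread.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E5ABCC0-621C-454C-983A-5891AFC47D4B} - C:\WINDOWS\system32\gebcb.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BB886F93-FA84-4B1B-9B1A-86D8F34E230c} - C:\WINDOWS\system32\umvqfhtd.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\cbxusqp.dll
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\rytdhlje.dll",setvm
O20 - Winlogon Notify: cbxusqp - C:\WINDOWS\SYSTEM32\cbxusqp.dll
O20 - Winlogon Notify: gebcb - C:\WINDOWS\system32\gebcb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# One pattern per HijackThis section used here.
O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
O4 = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")
# DLL argument of a rundll32 command line, with or without quotes.
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
# Only DLLs sitting directly in system32 are of interest (paths are lowercased first).
SYSTEM32_DLL = re.compile(r"^c:\\windows\\system32\\[^\\]+\.dll$")


def audit(log_text):
    """Map each system32 DLL (lowercased path) to the loading points that use it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        if (m := O2.match(line)):
            if m["name"] != "(no name)":
                continue  # named BHOs are left for manual review
            dll, point = m["target"], "unnamed BHO"
        elif (m := O20.match(line)):
            dll, point = m["target"], "Winlogon Notify"
        elif (m := O4.match(line)):
            r = RUNDLL.match(m["target"])
            if not r:
                continue  # ordinary executable in a Run value
            dll, point = r["dll"], "rundll32 Run value"
        else:
            continue
        dll = dll.lower()  # Windows paths are case-insensitive
        if SYSTEM32_DLL.match(dll):  # skips "(no file)" and other locations
            hits[dll].add(point)
    return {dll: sorted(points) for dll, points in hits.items()}


def paired_bho_winlogon(log_text):
    """DLLs registered both as an unnamed BHO and under Winlogon Notify."""
    return sorted(
        dll for dll, points in audit(log_text).items()
        if {"unnamed BHO", "Winlogon Notify"} <= set(points)
    )


if __name__ == "__main__":
    for dll, points in sorted(audit(SAMPLE_LOG).items()):
        print(f"{dll}: {', '.join(points)}")
    print("paired:", paired_bho_winlogon(SAMPLE_LOG))
```

A Winlogon Notify entry on its own, such as WgaLogon.dll in the sample, is listed by `audit` but not by `paired_bho_winlogon`, so it is left for manual review rather than treated as a match.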
|
e212
Junior Member
|
23 March 2007 @ 08:17 |
Link to this post
|
"Omistaja" - 07-03-23 13:05:21 Service Pack 2
ComboFix 07-03-22.2 - Running from: "C:\Documents and Settings\Omistaja\Ty?p?yt?"
((((((((((((((((((((((((((((((( Files Created from 2007-02-23 to 2007-03-23 ))))))))))))))))))))))))))))))))))
2007-03-23 13:00 <KANSIO> d-------- C:\backups
2007-03-23 11:13 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-03-23 11:13 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-03-23 11:13 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-03-23 11:13 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-03-23 11:13 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-03-22 20:03 <KANSIO> d-------- C:\VundoFix Backups
2007-03-22 20:02 95,744 --a------ C:\VundoFix.exe
2007-03-22 19:54 <KANSIO> d-------- C:\DOCUME~1\Pirkko\WINDOWS
2007-03-22 19:53 <KANSIO> d--h----- C:\WINDOWS\PIF
2007-03-22 19:53 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-03-22 19:53 <KANSIO> d-------- C:\Program Files\Common Files\DirectX
2007-03-22 19:53 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\InstallShield
2007-03-22 19:52 <KANSIO> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-22 19:52 <KANSIO> d-------- C:\Program Files\Yahoo!
2007-03-22 19:52 <KANSIO> d-------- C:\Program Files\Microsoft.NET
2007-03-22 19:52 <KANSIO> d-------- C:\Program Files\Common Files\Oberon Media
2007-03-22 19:52 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tarma Installer
2007-03-22 16:48 123,972 --a------ C:\WINDOWS\system32\bxbxjcvp.dll
2007-03-21 22:27 218,112 --a------ C:\HijackThis_v1.99.1.exe
2007-03-21 17:09 995,136 --a------ C:\WINDOWS\system32\MSAJT200.DLL
2007-03-21 17:09 95,200 --a------ C:\WINDOWS\system32\VBDB300.DLL
2007-03-21 17:09 640,512 --a------ C:\WINDOWS\system32\oc30.dll
2007-03-21 17:09 551,936 --a------ C:\WINDOWS\system32\vcfiwz32.DLL
2007-03-21 17:09 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
2007-03-21 17:09 17,424 --a------ C:\WINDOWS\system32\MSAJT112.DLL
2007-03-21 17:09 133,904 --a------ C:\WINDOWS\system32\MFCANS32.DLL
2007-03-21 17:09 1,116,160 --a------ C:\WINDOWS\system32\vcfidl32.DLL
2007-03-21 17:08 300,032 --a------ C:\WINDOWS\unin040b.exe
2007-03-19 22:55 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2007-03-18 18:29 132,116 --a------ C:\WINDOWS\system32\umvqfhtd.dll
2007-03-18 17:39 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\BSplayer Pro
2007-03-18 17:03 20,654 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-03-17 01:25 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\BSplayer Pro
2007-03-16 21:30 <KANSIO> dr------- C:\DOCUME~1\NETWOR~1\Suosikit
2007-03-15 22:28 123,412 --a------ C:\WINDOWS\system32\lhmdsbvd.dll
2007-03-14 10:25 132,116 --a------ C:\WINDOWS\system32\quamkhax.dll
2007-03-14 10:17 132,116 --a------ C:\WINDOWS\system32\nakyrgdg.dll
2007-03-13 16:24 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-03-12 19:36 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
2007-03-10 14:56 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\Jasc Software Inc
2007-03-10 11:53 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\InstallShield Installation Information
2007-03-10 11:53 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\Google
2007-03-10 10:25 131,604 --a------ C:\WINDOWS\system32\mpbvgbkt.dll
2007-03-09 20:13 131,604 --a------ C:\WINDOWS\system32\rscgsyph.dll
2007-03-08 20:50 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\BitTorrent
2007-03-07 15:52 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\Apple Computer
2007-03-07 02:52 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
2007-03-06 17:16 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-03-06 14:04 123,412 --a------ C:\WINDOWS\system32\rbtrpdmx.dll
2007-03-06 13:13 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\Lavasoft
2007-03-05 12:24 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-05 12:03 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Lavasoft
2007-03-05 01:57 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\DriveCleaner Free
2007-03-05 01:47 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-03-05 01:47 <KANSIO> d-------- C:\Program Files\Common Files\DriveCleaner Free
2007-03-04 14:45 3,580 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-03 16:21 <KANSIO> d-------- C:\Program Files\Deluxe Ski Jump 3
2007-02-28 18:50 <KANSIO> d-------- C:\WINDOWS\system32\RNBOSENT
2007-02-28 18:31 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
2007-02-28 17:40 <KANSIO> d-------- C:\Program Files\Common Files\Jasc Software Inc
2007-02-28 17:40 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-02-28 17:39 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Jasc Software Inc
2007-02-28 17:11 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-02-28 17:11 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
2007-02-28 17:10 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2007-02-28 17:10 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-26 21:30 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2007-02-26 18:07 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Apple Computer
2007-02-26 18:05 <KANSIO> d-------- C:\Program Files\QuickTime
2007-02-25 21:46 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-02-25 21:46 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
2007-02-25 21:46 415,504 --a------ C:\WINDOWS\system32\msrepl35.dll
2007-02-25 21:46 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe
2007-02-25 21:46 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
2007-02-25 21:46 344,064 --a------ C:\WINDOWS\system32\msexch35.dll
2007-02-25 21:46 294,912 --a------ C:\WINDOWS\system32\msxbse35.dll
2007-02-25 21:46 262,144 --a------ C:\WINDOWS\system32\msrd2x35.dll
2007-02-25 21:46 252,688 --a------ C:\WINDOWS\system32\msexcl35.dll
2007-02-25 21:46 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2007-02-25 21:46 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-02-25 21:46 168,720 --a------ C:\WINDOWS\system32\msltus35.dll
2007-02-25 21:46 166,672 --a------ C:\WINDOWS\system32\mstext35.dll
2007-02-25 21:46 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
2007-02-25 21:46 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
2007-02-25 21:46 1,050,896 --a------ C:\WINDOWS\system32\msjet35.dll
2007-02-24 05:58 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-02-23 20:43 <KANSIO> d-------- C:\DOCUME~1\Pirkko\APPLIC~1\Media Player Classic
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-23 12:55 76842 --a------ C:\WINDOWS\system32\perfc00b.dat
2007-03-23 12:55 378280 --a------ C:\WINDOWS\system32\perfh00b.dat
2007-03-22 19:53 -------- d-------- C:\Program Files\runtime software
2007-03-22 19:48 -------- d--h----- C:\Program Files\installshield installation information
2007-03-05 12:55 1485 --a------ C:\WINDOWS\mozver.dat
2007-02-28 17:40 -------- d-------- C:\Program Files\Common Files\installshield
2007-02-28 17:22 -------- d-------- C:\Program Files\vista sidebar
2007-02-21 21:54 -------- d-------- C:\Program Files\msbuild
2007-02-21 21:54 -------- d-------- C:\Program Files\microsoft works
2007-02-21 03:54 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\sun
2007-02-21 03:52 -------- d-------- C:\Program Files\Common Files\java
2007-02-20 21:51 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\media player classic
2007-02-20 02:32 -------- dr------- C:\DOCUME~1\Omistaja\APPLIC~1\brother
2007-02-19 23:37 34 --a------ C:\WINDOWS\system32\bd2030.dat
2007-02-19 23:28 -------- d-------- C:\Program Files\brownie
2007-02-19 23:28 -------- d-------- C:\Program Files\brother
2007-02-19 10:09 -------- d-------- C:\Program Files\messenger
2007-02-19 08:47 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\help
2007-02-19 04:26 -------- d-------- C:\Program Files\visualtooltip
2007-02-19 04:26 -------- d-------- C:\Program Files\styler
2007-02-18 18:16 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\styler
2007-02-18 17:31 -------- d-------- C:\Program Files\msn messenger
2007-02-18 17:25 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-18 16:01 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\intervideo
2007-02-18 15:57 -------- d-------- C:\Program Files\daemon tools
2007-02-18 15:55 646392 --------- C:\WINDOWS\system32\drivers\sptd.sys
2007-02-18 13:51 -------- d-------- C:\Program Files\pixrecovery
2007-02-18 13:16 -------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\f-secure
2007-02-18 12:43 -------- d-------- C:\Program Files\movie maker
2007-02-18 12:41 -------- d-------- C:\Program Files\windows nt
2007-02-18 07:24 -------- d-------- C:\Program Files\powerquest
2007-02-18 07:23 -------- d-------- C:\Program Files\ontrack
2007-02-18 07:22 -------- d-------- C:\Program Files\partition magic
2007-02-18 03:35 -------- d-------- C:\Program Files\conexant
2007-02-18 03:31 548 --a------ C:\pnpID.dat
2007-02-18 03:26 0 -rahs---- C:\MSDOS.SYS
2007-02-18 03:26 0 -rahs---- C:\IO.SYS
2007-02-18 03:26 0 --a------ C:\CONFIG.SYS
2007-02-18 03:26 0 --a------ C:\AUTOEXEC.BAT
2007-02-18 03:26 -------- d-------- C:\Program Files\microsoft frontpage
2007-02-18 03:25 21672 --------- C:\WINDOWS\system32\emptyregdb.dat
2007-02-18 03:25 -------- d-------- C:\Program Files\online services
2007-02-18 03:25 -------- d-------- C:\Program Files\Common Files\mssoap
2007-02-18 03:24 -------- d--h----- C:\Program Files\windowsupdate
2007-02-18 03:24 -------- d-------- C:\Program Files\msn gaming zone
2007-02-17 17:20 62 --ahs---- C:\DOCUME~1\Omistaja\APPLIC~1\desktop.ini
2007-02-17 17:20 -------- d-------- C:\Program Files\Common Files\speechengines
2007-02-17 17:20 -------- d-------- C:\Program Files\Common Files\odbc
2007-01-19 22:53 51056 --------- C:\WINDOWS\system32\sirenacm.dll
2007-01-15 19:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
2007-01-15 19:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\ATI-CPanel\\atiptaxx.exe"
"avast!"="H:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\bxbxjcvp.dll\",setvm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rbtrpdmx"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\rbtrpdmx.dll\",setvm"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FSM32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TNBUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"H:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"H:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LClock"
"hkey"="HKLM"
"command"="C:\\Program Files\\LClock\\LClock.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Packard Bell Data Secure]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PBDataSecure"
"hkey"="HKCU"
"command"="F:\\Program files\\Packard Bell Data Secure\\PBDataSecure.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="udcpas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\DriveCleaner Free\\udcpas.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="udcsdr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\DriveCleaner Free\\udcsdr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smc"
"hkey"="HKLM"
"command"="H:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"H:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Save"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Save\\Save.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
~ ~ ~ ~ ~ ~ ~ ~ HijackThis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070323-130435-763
O2 - BHO: (no name) - {BB886F93-FA84-4B1B-9B1A-86D8F34E230c} - C:\WINDOWS\system32\umvqfhtd.dll
backup-20070323-130435-805
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing)
backup-20070323-130435-564
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20070323-130435-474
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070323-130435-297
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
backup-20070323-130021-804
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
backup-20070323-130021-792
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing)
backup-20070323-130021-397
O23 - Service: F-Secure Network Request Broker - Unknown owner - C:\Program Files\F-Secure\Common\FNRB32.EXE (file missing)
backup-20070323-130021-830
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-03-23 13:07:10
Logfile of HijackThis v1.99.1
Scan saved at 13:15:50, on 23.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {979808D8-146F-41D6-9E03-9420CE062256} - C:\WINDOWS\system32\gebcb.dll (file missing)
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\bxbxjcvp.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://H:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B70BF7-09B8-4057-BE26-286944B1293E}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
|
Auttaja
Suspended permanently
|
23 March 2007 @ 08:50 |
|
Hi, fix these lines
O2 - BHO: (no name) - {979808D8-146F-41D6-9E03-9420CE062256} - C:\WINDOWS\system32\gebcb.dll (file missing)
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\bxbxjcvp.dll",setvm
Delete these files if they exist
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\bxbxjcvp.dll
Make hidden files visible if you can't find them
Post a new HijackThis log, and tell us whether there are problems and what kind.
|
e212
Junior Member
|
23 March 2007 @ 09:06 |
|
Yeah, the machine is now a lot faster than before, and no bigger problems have come up anymore. Thanks for the help!
Logfile of HijackThis v1.99.1
Scan saved at 14:03:09, on 23.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://H:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B70BF7-09B8-4057-BE26-286944B1293E}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
|
Auttaja
Suspended permanently
|
23 March 2007 @ 11:52 |
|
|
|