YOUR PRIVACY IS IN DANGER +HJT logi

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

keskiviikko 6.8.2025 / 21:58

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > your privacy is in danger +hjt logi

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

YOUR PRIVACY IS IN DANGER +HJT logi

Siirry:

Kirjoittaja

Viesti

Lehtis

Newbie

11. lokakuuta 2007 @ 15:46

Linkki tähän viestiin

Tjoo, tällänen ollut paripäivää, vilkkuu kaikenlaisia ilmoituksia ruudussa, ja aukaisevat IE;llä sivuja.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:28:04, on 10.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\UMonit.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\F-Secure\FSPC\fspc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\FSAUA\program\licmgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ssflwbox.scr
C:\Documents and Settings\Admin\Työpöytä\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrvqw.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrvqt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: The netadv - {ABF529BE-6245-465A-BBD4-238C4EAB0F0A} - C:\WINDOWS\netadv.dll
O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [castpinglicenseerror] C:\Documents and Settings\All Users\Application Data\draw four cast ping\warninternet.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\btorrent16.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKCU\..\Run: [HECKCASH] C:\DOCUME~1\Admin\APPLIC~1\GPLMFC~1\typeproc.exe
O4 - HKCU\..\Run: [ProBNC] "C:\Program Files\Arkku IP Updater\sysupdate.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Admin\Työpöytä\Waret\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [vpnvow] C:\DOCUME~1\Admin\LOCALS~1\Temp\vpnvow.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw+0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw-0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw-0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw00 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw00s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw10 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw10s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw20 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw20s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw30 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw30s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw40 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw40s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw50 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw50s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw60 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw60s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw70 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw70s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw80 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw80s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw90 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw90s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwa0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwa0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwb0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwb0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwc0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwc0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwd0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwd0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwe0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwe0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwf0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwf0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwg0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwh0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwh0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwi0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwi0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwj0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwj0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwk0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwk0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwl0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwl0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwm0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwm0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwn0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwn0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwo0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwo0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwp0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwp0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwq0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwq0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwr0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwr0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bws0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bws0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwt0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwt0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwu0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwu0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwv0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwv0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bww0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bww0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwx0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwx0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwy0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwy0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwz0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwz0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: offline-8876480 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O21 - SSODL: msvb - {1FEF7F2D-C52C-4EA9-B6E2-9FCF438547DF} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {C0F93EBD-9F78-4339-8CE1-8447AC5F74D5} - C:\WINDOWS\sysdx.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SNMP-palvelu (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 20998 bytes

[ + lainaa]

Hujo

Suspended permanently

11. lokakuuta 2007 @ 23:10

Linkki tähän viestiin

1. Käynnistä Spybot-S&D Edistyneessä tilassa
2. Jos se ei ole Edistyneessä tilassa, mene Tila-valikkoon ja valitse Edistynyt tila
3. Klikkaa vasemmalla Työkalut
4. Klikkaa listassa Pysyvä suojaus
5. Ota rasti pois kohdasta "Pysyvä TeaTimer" ja paina OK.
6. Käynnistä kone uudelleen.

==================

Poista >>> Trend Micro HijackThis v2.0.0 (BETA)

sitten tuosta

Lataa TÄSTÄ HJTInstall.exe

* Tallenna HJTInstall.exe työpöydällesi.
* Tuplaklikkaa HJTInstall.exe-kuvaketta työpöydälläsi.
* Oletuksena se asentaa itsensä hakemistoon C:\Program Files\Trend Micro\HijackThis.
* Klikkaa Install.
* Asennusohjelma luo HijackThis-kuvakkeen työpöydälle.
* Kun asennus on valmis, se käynnistää HijackThisin.
* Klikkaa Do a system scan and save a logfile-painiketta. Ohjelma aloittaa skannauksen ja lokin pitäisi avautua Muistioon.
* Klikkaa ensin "Muokkaa > Valitse kaikki" sitten "Muokkaa > Kopioi" kopioidaksesi koko lokin sisällön.
* Liitä lokin sisältö seuraavaan vastaukseesi.
* ÄLÄ käytä Analyse This-nappulaa, sen löydöt ovat vaarallisia väärinymmärrettyinä.
* ÄLÄ fixaa HijackThis-ohjelmalla vielä mitään. Suurin osa sen löydöistä ovat joko harmittomia tai jopa tarpeellisia.

===================

Lataa SmitfraudFix (c) S!Ri
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.

Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.

======================

Scannaa hjt:llä merkkaa paina Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [castpinglicenseerror] C:\Documents and Settings\All Users\Application Data\draw four cast ping\warninternet.exe
O4 - HKCU\..\Run: [HECKCASH] C:\DOCUME~1\Admin\APPLIC~1\GPLMFC~1\typeproc.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Admin\Työpöytä\Waret\MsgPlus.exe" /WinStart
O4 - HKLM\..\Policies\Explorer\Run: [vpnvow] C:\DOCUME~1\Admin\LOCALS~1\Temp\vpnvow.exe
O18 - Protocol: bw+0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw+0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw-0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw-0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw00 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw00s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw10 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw10s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw20 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw20s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw30 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw30s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw40 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw40s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw50 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw50s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw60 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw60s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw70 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw70s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw80 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw80s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw90 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bw90s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwa0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwa0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwb0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwb0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwc0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwc0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwd0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwd0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwe0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwe0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwf0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwf0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwg0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwh0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwh0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwi0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwi0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwj0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwj0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwk0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwk0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwl0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwl0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwm0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwm0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwn0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwn0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwo0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwo0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwp0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwp0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwq0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwq0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwr0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwr0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bws0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bws0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwt0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwt0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwu0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwu0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwv0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwv0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bww0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bww0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwx0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwx0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwy0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwy0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwz0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: bwz0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
O18 - Protocol: offline-8876480 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)

=================

Lataa NoLop työpöydällesi yhdestä seuraavista linkeistä...
Linkki1
Linkki2
Linkki3

1.Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen
2.Tuplaklikkaa NoLop.exe ajaaksesi sen
3.Klikkaa nappulaa "Search and Destroy"
<<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
4, Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy. Klikkaa OK
5. Klikkaa "REBOOT"-painiketta.
6. NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu. Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.
-- Jos saat seuraavan virheen, "mscomctl.ocx or one of its dependencies are not correctly registered," lataa mscomctl.ocx ja tallenna se system32-hakemistoosi (yleensä c:\Windows\system32). Tämän jälkeen aja ohjelma uudestaan.

===================

Koneella avasti ja F-secure kumpaa käytät?

==================

laita lokit ja uusi hjt:n loki viimisenä scannaten.

[ + lainaa]

Voiko tietsikka koskaan toimia?

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 11. lokakuuta 2007 @ 23:23

Vastaa

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > your privacy is in danger +hjt logi


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.