1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

hijack this logi

Viestiketju Virukset ja haittaohjelmat -osiossa. Ketjun avasi jeejeeje 17.09.2005.

  1. jeejeeje

    jeejeeje Regular member

    Liittynyt:
    22.08.2005
    Viestejä:
    265
    Kiitokset:
    0
    Pisteet:
    26
    jep eli voisko joku kattoa onko tuossa mittään ihmeellistä kun kone tilttailee koko ajan.


    Logfile of HijackThis v1.99.1
    Scan saved at 14:21:28, on 17.9.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Print!\print!.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\PROGRA~1\F-SECU~2\backweb\4476822\Program\SERVIC~1.EXE
    C:\WINDOWS\System32\CTSvcCDA.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguiexe.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.inet.fi:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\acrobat reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [Task manager] TASKMON.EXE
    O4 - HKLM\..\Run: [vhiu] C:\WINDOWS\etufng.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Print!] C:\Program Files\Print!\print!.exe
    O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\jotaki\acrobat reader\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate Control) - http://www.fmn-media.com/campaigns/winpl/sites/pops/A001/DNLCertificate.ocx
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: F-Secure product (BackWeb Client - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~2\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2.  
  3. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Kyllä siinä on:

    Hae LSPFix tuolta (joko se zippi tai sitten exe).
    http://cexx.org/lspfix.htm

    Tallenna se vaikka työpöydälle tai johonkin hakemistoon.

    Avaa LSPFix

    Laita rasti ruutuun, "I know what I’m doing".

    Klikkaa vasemmassa ruudussa olevaa winsflt.dll , siirrä se oikealla olevaan ruutuun nuolinäppäimellä, klikkaa "Remove" ja sulje LSPFix.

    Fixaa hijackthisillä ( klikkaa do a system scan, merkkaa nämä ja paina fix checked):

    O4 - HKLM\..\Run: [Task manager] TASKMON.EXE
    O4 - HKLM\..\Run: [vhiu] C:\WINDOWS\etufng.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0-k
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate Control) - http://www.fmn-media.com/campaigns/winpl/sites/pops/A001/DNLCerti...

    Tiedätkö, mikä ohjelma tämä on -> O4 - HKCU\..\Run: [Print!] C:\Program Files\Print!\print!.exe Itse en tunnista tuota.

    Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista:

    C:\WINDOWS\==>etufng.exe<==
    TASKMON.EXE (varmaankin C:\Windows\system32-hakemistossa)

    Käynnistä uudestaan ja lähetä uusi loki.
     
    Viimeksi muokattu: 17.09.2005
  4. jeejeeje

    jeejeeje Regular member

    Liittynyt:
    22.08.2005
    Viestejä:
    265
    Kiitokset:
    0
    Pisteet:
    26
    tuo print on vissii joku printscreeen juttu. tuota etufng.exe tiedostoa ei löytynyt. taskmanin poistin.


    Logfile of HijackThis v1.99.1
    Scan saved at 15:54:04, on 17.9.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE
    C:\Program Files\Print!\print!.exe
    D:\jotaki\acrobat reader\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\PROGRA~1\F-SECU~2\backweb\4476822\Program\SERVIC~1.EXE
    C:\WINDOWS\System32\CTSvcCDA.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguiexe.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.inet.fi:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\acrobat reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKCU\..\Run: [Print!] C:\Program Files\Print!\print!.exe
    O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\jotaki\acrobat reader\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: F-Secure product (BackWeb Client - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~2\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  5. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Loki näyttää ihan hyvältä, tuon unohdin pyytää fixata. Fixaa se vielä.

    R3 - Default URLSearchHook is missing

    Ei tarvitse laittaa enää uutta lokia, jos nuo tilttailuongelmat hävisivät :)
     
  6. jeejeeje

    jeejeeje Regular member

    Liittynyt:
    22.08.2005
    Viestejä:
    265
    Kiitokset:
    0
    Pisteet:
    26
    Ei ikävä kyllä hävinny.
     
  7. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Laita sitten seuraavaks uninstall-lista eli hijackthisissä open misc tools -> open uninstall manager -> save list -> tallenna. Se tallentaa tuon listan nimellä uninstall_list.txt. Lähetä se lista tänne.
     
    Viimeksi muokattu: 17.09.2005
  8. jeejeeje

    jeejeeje Regular member

    Liittynyt:
    22.08.2005
    Viestejä:
    265
    Kiitokset:
    0
    Pisteet:
    26
    Kiitti ku jaksat auttaa. Tuossa olis tuo lista:


    5 Clicks
    Action Quake 2 Install v2
    Ad-aware 6 Professional
    Adobe Acrobat 4.0
    Adobe Download Manager 2.0 (Poista ainoastaan)
    Adobe PageMaker 7.0
    Adobe Photoshop 6.0
    Adobe Photoshop 7.0
    Adobe Reader 7.0 - Suomi
    Adobe SVG Viewer
    Advanced Networking Pack for Windows XP
    Advanced RealMedia Export Plug-in for Premiere 6.0
    Ahead Nero Burning ROM
    ATI Display Driver
    BHA B's Recorder GOLD 5.32
    B's CLiP
    Canon OpenPage Print Component
    Canon PhotoRecord
    Canon PowerShot RS-232C TWAIN Driver
    Canon PowerShot Utilities PhotoStitch 3.1
    Canon PowerShot Utilities ZoomBrowser EX
    DC++ 0.674
    DVD-RAM Driver
    EAX Unified
    Enable S3 for USB Device
    Express Thumbnail Creator 1.72
    F1RS
    F-Secure Internet Security 2005
    GameSpy Arcade
    Gap Sk8er
    HijackThis 1.99.1
    HP Image Zone 4.7
    HP Image Zone Express
    HP PSC & OfficeJet 4.7
    HP Software Update
    Image Transfer
    ImageMixer for Sony
    InterActual Player
    Internet Explorer Q903235
    Java 2 Runtime Environment, SE v1.4.1_01
    Java Web Start
    LAVA! Player
    MediaRing Talk Release 7.2.026
    Microsoft Data Access Components KB870669
    Microsoft Office 2000 SR-1 Premium
    MicroStaff WINASPI
    mIRC
    Motherboard Monitor 5
    Mozilla (1.6)
    Mozilla Firefox (1.0.6)
    MSN Messenger 7.0
    neoDVDplus
    oDC (remove only)
    Opera
    Paint Shop Pro 7 ESD
    Pinnacle Hollywood FX 5
    PixMaker
    PixScreen_CE
    PowerDVD
    Päivitys Windows XP:lle (KB898461)
    Quake 3 Arena Demo
    Quake III Arena Point Release (1.29h) BETA
    QuickTime
    Realtek AC'97 Audio
    RevConnect
    RTLSetup
    Shockwave
    SolidCapture
    Sonera Internet FTP
    Sony USB Driver
    Sound Blaster AUDIOPCI128
    Space Station Manager 1.1.0 TRIAL
    Spybot - Search & Destroy 1.4
    Suojauspäivitys Windows XP:lle (KB890046)
    Suojauspäivitys Windows XP:lle (KB893756)
    Suojauspäivitys Windows XP:lle (KB896358)
    Suojauspäivitys Windows XP:lle (KB896422)
    Suojauspäivitys Windows XP:lle (KB896423)
    Suojauspäivitys Windows XP:lle (KB896426)
    Suojauspäivitys Windows XP:lle (KB896428)
    Suojauspäivitys Windows XP:lle (KB899587)
    Suojauspäivitys Windows XP:lle (KB899588)
    Suojauspäivitys Windows XP:lle (KB899591)
    Suojauspäivitys Windows XP:lle (KB901214)
    The Sims Livin' Large
    TypingMaster Pro
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Player Hotfix -päivitys [lisätietoja on artikkelissa wm828026]
    Windows XP Hotfix - KB840987
    Windows XP Hotfix - KB841356
    Windows XP Hotfix - KB841533
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB871250
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB873376
    Windows XP Hotfix - KB883939
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889293
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891711
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Hotfix - KB896727
    Windows XP Hotfix - KB897715
    Windows XP Hotfix (SP2) Q322011
    Windows XP Hotfix (SP2) Q327979
    Windows XP Hotfix (SP2) Q814995
    Windows XP Hotfix (SP2) Q819696
    Windows XP Hotfix- KB820291
    Windows XP Hotfix- KB821253
    Windows XP Hotfix- KB822603
    Windows XP Hotfix- KB823182
    Windows XP Hotfix- KB824105
    Windows XP Hotfix- KB824141
    Windows XP Hotfix- KB825119
    Windows XP Hotfix- KB826939
    Windows XP Hotfix- KB826942
    Windows XP Hotfix- KB828028
    Windows XP Hotfix- KB828035
    Windows XP Hotfix- KB828741
    Windows XP Hotfix- KB833987
    Windows XP Hotfix KB834707
    Windows XP Hotfix- KB835732
    Windows XP Hotfix- KB837001
    Windows XP Hotfix- KB839645
    Windows XP Hotfix- KB840315
    Windows XP Hotfix- KB840374
    Windows XP Hotfix- KB841873
    Windows XP Hotfix- KB842773
    Windows XP Hotfix- KB883357
    WinRAR v3.20

     
  9. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Tuossa ei kyllä näkynyt mitään outoa. Hae tuolta -> http://koti.mbnet.fi/pattaya1/escanmwav.htm eScan, asenna se, päivitä ja skannaa ohjeiden sivulla olevien ohjeiden mukaan. Lähetä loki tänne sen jälkeen (maalaa siitä skannausikkunan alaosasta, kun skannaus on päättynyt, Virus Log Information-kohdasta rivit, kopioi ja liitä tänne). EI sitä koko lokia.

    Tässä ohjekuva:
    [​IMG]
     
    Viimeksi muokattu: 17.09.2005
  10. jeejeeje

    jeejeeje Regular member

    Liittynyt:
    22.08.2005
    Viestejä:
    265
    Kiitokset:
    0
    Pisteet:
    26
    Tallentuuko se mihinkään, kun titenkään se ei sitte ottanu tuota copya ja se ei sitä kopioinu ja suljin sen jo. Siinä oli kyllä jokaisessa jotaki no action taken perässä.
     
    Viimeksi muokattu: 17.09.2005
  11. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Tallentuu kyllä, hakemistoon C:\kaspersky nimellä mwav.log. Se on vaan niin järjettömän isokokoinen tiedosto, että sun täytyy siitä yrittää käsin löytää ne löydöt, missä luki no action taken. Jos onnistuu, lähetä ne rivit tänne (EI siis sitä koko pitkää lokia).
     
  12. jeejeeje

    jeejeeje Regular member

    Liittynyt:
    22.08.2005
    Viestejä:
    265
    Kiitokset:
    0
    Pisteet:
    26
    File C:\WINDOWS\NDNuninstall6_22.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
    File C:\WINDOWS\System32\BO2802040113.dll tagged as not-a-virus:AdWare.VirtualBouncer.d. No Action Taken.
    File C:\WINDOWS\System32\KVIF_11.dll tagged as not-a-virus:AdWare.EZula.t. No Action Taken.
    File C:\WINDOWS\System32\KVIF_11.exe tagged as not-a-virus:AdWare.EZula.t. No Action Taken.
    File C:\WINDOWS\System32\msbb321.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
     
  13. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Katopas löytyykö sulta sellaista hakemistoa kun C:\program files\eZula
    Ja eti tosta samasta lokista vielä sanoilla "infected" ja "tagged as"(ilman lainausmerkkejä tietysti,siis ihan avaa vaikka muistioon ja Muokkaa -> Etsi), jos löytyis vielä muita.
     
    Viimeksi muokattu: 18.09.2005
  14. jeejeeje

    jeejeeje Regular member

    Liittynyt:
    22.08.2005
    Viestejä:
    265
    Kiitokset:
    0
    Pisteet:
    26
    Tommonen löyty kun pisti tagged as: File C:\WINDOWS\System32\msbb321.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
    Tuolla toisella ei löytynyt mitään. Ja ei ole tuota ezulaa program filesissä.

     
  15. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Se on sama kun jo aiemmin. Haepas tuolta -> http://www.ewido.net/en/download/ ewido, päivitä se, skannaa sillä ja anna poistaa mitä löytää. Lähetä sitten sen loki tänne.
     
  16. jeejeeje

    jeejeeje Regular member

    Liittynyt:
    22.08.2005
    Viestejä:
    265
    Kiitokset:
    0
    Pisteet:
    26

    HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Spyware.SaveNow : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Firefox\Profiles\oofkr8b8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Profiles\default\1ihgnn8k.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Esiasennettu\Application Data\Mozilla\Profiles\default\1ihgnn8k.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Esiasennettu\Cookies\esiasennettu@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@download.com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@downloads-zdnet.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Järjestelmänvalvoja\Cookies\järjestelmänvalvoja@tfag[2].txt -> Spyware.Cookie.Tfag : Cleaned with backup
    C:\Program Files\WHENUS~1\Search.exe -> Adware.SaveNow : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\system32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\KVIF_11.dll -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\KVIF_11.exe -> Adware.eZula : Cleaned with backup
    C:\WINDOWS\system32\msbb321.dll -> Spyware.BargainBuddy : Cleaned with backup
     
  17. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Jaaha, ewido löysi ja poisti kaikkea kivaa noiden eScanin löytöjen lisäksi :) Onkos tilttailu jo hävinnyt?
     
  18. jeejeeje

    jeejeeje Regular member

    Liittynyt:
    22.08.2005
    Viestejä:
    265
    Kiitokset:
    0
    Pisteet:
    26
    Vähentynyt on todellaki. Kiitti vaan avuista. Vieläki tilttailee jos esim pelaan jotakin ja painan alt+tab että pääse kattoo vaikka irkkiä.
     

Jaa tämä sivu