1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

hijackthis

Viestiketju Virukset ja haittaohjelmat -osiossa. Ketjun avasi Aras88 23.11.2005.

  1. Aras88

    Aras88 Regular member

    Liittynyt:
    21.05.2005
    Viestejä:
    114
    Kiitokset:
    0
    Pisteet:
    26
    Onks tässä logfile kunnossa?


    Logfile of HijackThis v1.99.1
    Scan saved at 17:27:12, on 23.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\BACKWE~1.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
    C:\PROGRA~1\YAPLOCK\YaplockTray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\TopText\wo.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Warez P2P Client\warez.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\WebSecureAlert\WebSecureAlert.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HbTools\Bin\4.7.0.0\HbtSrv.exe
    C:\Documents and Settings\Kevin\Omat tiedostot\Hijack\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.socepbkpwrqyuzowdvws.inf...2gQNmEiPaODpqLdKGZSbnC_ihmNO67QKb1hVtG6dx.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {356D535A-0484-4275-8A67-2285F3C5AA4E} - C:\WINDOWS\System32\dmrserver.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
    O2 - BHO: (no name) - {7F6828CA-9E42-462C-BC60-418C8144012C} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
    O2 - BHO: (no name) - {F49B5F48-E860-4A71-4CED-9BA3A6E5347F} - C:\DOCUME~1\Kevin\APPLIC~1\SCRDEF~1\Testdeaf.exe (file missing)
    O3 - Toolbar: (no name) - {AD74DBC2-7D96-4102-A585-3A7CA76CA9F0} - (no file)
    O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\onmhzdxp.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁÔ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0¨4W
    }ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [Lkmcdbp] C:\Program Files\Tkoyoq\Qkdyteq.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [EjgB0ÔÁÔ]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [EjgB0Ô@ÔÁÔÁÔ]§ú"ü‰üC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
    O4 - HKLM\..\Run: [EjgB0Ô*ú*ÀaîžaaøY§C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [EjgB09¿Ì*ú*ÀaîžaaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁÔ*ú]Mú*ÀaîC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô*ú]Mú*ÀaîžaaøC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K09¿Ì*ú]Mú*ÀaîžaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K09¿Ì*ÀaîžaaîžigC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [Á³#  é"h'þ9ÓœU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁÔ]§ú"ü‰»9õC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [FLMK08KB] C:\Documents and Settings\arman\Työpöytä\MMKEYBD.EXE
    O4 - HKLM\..\Run: [Á³#  è"h'þ9ÓœT3rųWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe
    O4 - HKLM\..\Run: [docwbyko] C:\WINDOWS\system32\yghlzgsq.exe
    O4 - HKLM\..\Run: [YaplockTray.exe] C:\PROGRA~1\YAPLOCK\YaplockTray.exe
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [View Vc Htm Audio] C:\Documents and Settings\All Users\Application Data\PileLiesViewVc\Bonesecond.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [BLAH GPL] C:\DOCUME~1\Kevin\APPLIC~1\SITEID~1\Comp Slow.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\TopText\wo.exe
    O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
    O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm538YYFI
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27dc6825b29ba76bbe05/netzip/RdxIE601.cab
    O16 - DPF: {81B9C506-46D3-4667-9018-3D6575CBC046} (VacPro.finland_ver10) - http://advnt01.com/dialer/finland_ver10.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://www.advnt01.com/dialer/internazionale_ver4.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {874735D6-675A-4B73-8B37-21C89E25AB1E} - C:\Documents and Settings\arman\Local Settings\Application Data\microsoft\internet explorer\V0.29.dat
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O21 - SSODL: mtklefa - {950B3427-38AB-4AD6-6DB8-3A8C430E33D7} - C:\WINDOWS\System32\ohppy32.dll (file missing)
    O23 - Service: FS BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: NvCplScan - Unknown owner - C:\WINDOWS\System32\nvsc32.exe" -netsvcs (file missing)
     
  2.  
  3. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    No ei sinne päinkään. Täynnä roskaa kone.

    Poista lisää/poista sovellus-kohdasta

    Ebates Moe Money Maker
    ISTsvc
    Hotbar
    Messenger Plus !3
    SpySpotter3
    TopText
    WebSecureAlert

    Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.socepbkpwrqyuzowdvws.info/VVGy7vSMbsDMvaBullFRVlB2gQNm...
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
    O2 - BHO: (no name) - {7F6828CA-9E42-462C-BC60-418C8144012C} - (no file)
    O2 - BHO: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
    O2 - BHO: (no name) - {7F6828CA-9E42-462C-BC60-418C8144012C} - (no file)
    O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
    O2 - BHO: (no name) - {F49B5F48-E860-4A71-4CED-9BA3A6E5347F} - C:\DOCUME~1\Kevin\APPLIC~1\SCRDEF~1\Testdeaf.exe (file missing)
    O3 - Toolbar: (no name) - {AD74DBC2-7D96-4102-A585-3A7CA76CA9F0} - (no file)
    O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\onmhzdxp.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁÔ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0¨4W
    }ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [Lkmcdbp] C:\Program Files\Tkoyoq\Qkdyteq.exe O4 - HKLM\..\Run: [EjgB0ÔÁÔ]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [EjgB0Ô@ÔÁÔÁÔ]§ú"ü‰üC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
    O4 - HKLM\..\Run: [EjgB0Ô*ú*ÀaîžaaøY§C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [EjgB09¿Ì*ú*ÀaîžaaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁÔ*ú]Mú*ÀaîC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô*ú]Mú*ÀaîžaaøC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K09¿Ì*ú]Mú*ÀaîžaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K09¿Ì*ÀaîžaaîžigC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [Á³# é"h'þ9ÓœU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁÔ]§ú"ü‰»9õC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [Á³# è"h'þ9ÓœT3rųWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe
    O4 - HKLM\..\Run: [docwbyko] C:\WINDOWS\system32\yghlzgsq.exe
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [View Vc Htm Audio] C:\Documents and Settings\All Users\Application Data\PileLiesViewVc\Bonesecond.exe
    O4 - HKCU\..\Run: [BLAH GPL] C:\DOCUME~1\Kevin\APPLIC~1\SITEID~1\Comp Slow.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\TopText\wo.exe
    O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm538YYFI
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
    O16 - DPF: {81B9C506-46D3-4667-9018-3D6575CBC046} (VacPro.finland_ver10) - http://advnt01.com/dialer/finland_ver10.CAB
    O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://www.advnt01.com/dialer/internazionale_ver4.CAB
    O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
    O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
    O18 - Filter: text/html - {874735D6-675A-4B73-8B37-21C89E25AB1E} - C:\Documents and Settings\arman\Local Settings\Application Data\microsoft\internet explorer\V0.29.dat
    O21 - SSODL: mtklefa - {950B3427-38AB-4AD6-6DB8-3A8C430E33D7} - C:\WINDOWS\System32\ohppy32.dll (file missing)
    O23 - Service: NvCplScan - Unknown owner - C:\WINDOWS\System32\nvsc32.exe" -netsvcs (file missing)

    Sitten käynnistä -> suorita -> services.msc Etsi listalta
    NvCplScan, tuplaklikkaa, paina seis ja valitse käynnistymistavaksi "ei käytössä"

    Laita piilotiedostot näkyviin, ohje -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista:

    C:\Program Files\==>HbTools<==
    C:\DOCUME~1\Kevin\APPLIC~1\==>SCRDEF~1<==
    C:\WINDOWS\System32\==>onmhzdxp.exe<==
    C:\Program Files\==>ISTsvc<==
    C:\WINDOWS\==>xwwxvm.exe<==
    C:\WINDOWS\==>logon.exe<==
    C:\Program Files\==>MessengerPlus! 3<==
    C:\WINDOWS\system32\==>yghlzgsq.exe<==
    C:\Program Files\==>SpySpotter3<==
    C:\Documents and Settings\All Users\Application Data\==>PileLiesViewVc<==
    C:\DOCUME~1\Kevin\APPLIC~1\==>SITEID~1<==
    C:\PROGRA~1\==>TopText<==
    C:\Program Files\==>WebSecureAlert<==
    C:\Documents and Settings\arman\Local Settings\Application Data\microsoft\internet explorer\==>V0.29.dat<==
    C:\WINDOWS\System32\==>nvsc32.exe<==
    C:\Program Files\==>Ebates_MoeMoneyMaker<==

    Käynnistä uudelleen. Hae täältä -> http://www.ewido.net/en/download
    ewido, asenna, päivitä ja skannaa. Anna poistaa mitä löytää, tallenna raportti. Lähetä ewidon raportti ja uusi HjT-loki.
     
    Viimeksi muokattu: 23.11.2005
  4. Wauva

    Wauva Member

    Liittynyt:
    24.11.2005
    Viestejä:
    2
    Kiitokset:
    0
    Pisteet:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 7:13:02, on 24.11.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\DC++\DCPlusPlus.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido\security suite\SecuritySuite.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\HtJ\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://irc-galleria.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {9E3704C5-CFA0-64DA-7920-8C91F84A8AB6} - C:\DOCUME~1\Timo\APPLIC~1\WAVESO~1\defaultheck.exe (file missing)
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\fi\msnappau.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Boltwaitpingfork] C:\Documents and Settings\All Users\Application Data\ReadmePeakBoltWait\upfind.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Windows IP Security Service] ipsecs.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\RunServices: [Windows IP Security Service] ipsecs.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [STOPMANAGER] C:\Documents and Settings\Timo\Application Data\audio media vga\dent idle bias.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
    O16 - DPF: {96EB39C1-EE09-4720-99F3-4DD1C703D0BD} (soXmasPicOrd.soPicOrder2) - http://netanttila.softers.net/ax/522/Eiri_korttikone.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A1E5AD-A12A-4267-B1A7-7205A6B4E7D7}: NameServer = 212.50.211.55 212.50.192.227
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: Host Services - Unknown owner - C:\WINDOWS\svhosts.exe (file missing)
    O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
    O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Tossa mitään vikaa?
     
  5. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    @Wauwa: Olisit saanu laittaa omaan viestiketjuun, mutta menköön tämän kerran. Ja vikaa on :)

    Poista lisää/poista sovellus-kohdasta (ohjauspaneeli):

    SurfAccuracy

    Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

    O2 - BHO: (no name) - {9E3704C5-CFA0-64DA-7920-8C91F84A8AB6} - C:\DOCUME~1\Timo\APPLIC~1\WAVESO~1\defaultheck.exe (file missing)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Boltwaitpingfork] C:\Documents and Settings\All Users\Application Data\ReadmePeakBoltWait\upfind.exe
    O4 - HKLM\..\Run: [Windows IP Security Service] ipsecs.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\RunServices: [Windows IP Security Service] ipsecs.exe
    O4 - HKCU\..\Run: [STOPMANAGER] C:\Documents and Settings\Timo\Application Data\audio media vga\dent idle bias.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405...
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
    O23 - Service: Host Services - Unknown owner - C:\WINDOWS\svhosts.exe (file missing)
    O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe

    Sitten käynnistä -> suorita -> services.msc. Etsi listalta;:

    Host Services
    MicroSoft Media Tools

    Tuplaklikkaa niitä, paina seis ja valitse käynnistymistavaksi "ei käytössä".

    Laita piilotiedostot näkyviin, ohje -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista:

    C:\DOCUME~1\Timo\APPLIC~1\==>WAVESO~1<==
    C:\Documents and Settings\All Users\Application Data\==>ReadmePeakBoltWait<==
    C:\Program Files\==>SurfAccuracy<==
    C:\Documents and Settings\Timo\Application Data\==>audio media vga<==
    C:\WINDOWS\==>svhosts.exe<==
    C:\WINDOWS\==>MSmedia.exe<==

    Käynnistä uudelleen ja lähetä uusi HjT-loki.





     
  6. Wauva

    Wauva Member

    Liittynyt:
    24.11.2005
    Viestejä:
    2
    Kiitokset:
    0
    Pisteet:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 11:50:32, on 24.11.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\HtJ\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://irc-galleria.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\fi\msnappau.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {96EB39C1-EE09-4720-99F3-4DD1C703D0BD} (soXmasPicOrd.soPicOrder2) - http://netanttila.softers.net/ax/522/Eiri_korttikone.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A1E5AD-A12A-4267-B1A7-7205A6B4E7D7}: NameServer = 212.50.211.55 212.50.192.227
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

     
  7. aaxxeell

    aaxxeell Regular member

    Liittynyt:
    28.07.2005
    Viestejä:
    2,145
    Kiitokset:
    0
    Pisteet:
    46
    Vielä jäi:

    Lisää/poista sovellus kohdasta:
    SurfAccuracy (Jos löytyy)


    Fixaa:
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405

    Vikasietotilassa(F8 koneen käynnistyksen yhteydessä):
    C:\Program Files\-->SurfAccuracy<--

    Kone normaali tilaan ja uusi loki tänne.
     
  8. Aras88

    Aras88 Regular member

    Liittynyt:
    21.05.2005
    Viestejä:
    114
    Kiitokset:
    0
    Pisteet:
    26
    Tässä olis se uusi logi



    Logfile of HijackThis v1.99.1
    Scan saved at 21:35:44, on 24.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\BACKWE~1.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\YAPLOCK\YaplockTray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Warez P2P Client\warez.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Kevin\Omat tiedostot\Hijack\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ldmwsoldbsmax.net/VVGy7vSMbsDMvaBullFRVlB2gQNmEiPaODpqLdKGZSaGprc2qSe47gKb1hVtG6dx.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {356D535A-0484-4275-8A67-2285F3C5AA4E} - C:\WINDOWS\System32\dmrserver.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [FLMK08KB] C:\Documents and Settings\arman\Työpöytä\MMKEYBD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YaplockTray.exe] C:\PROGRA~1\YAPLOCK\YaplockTray.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27dc6825b29ba76bbe05/netzip/RdxIE601.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: FS BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE





    Ja tässä olis se ewido reportti




    + Created on: 17:08:24, 24.11.2005
    + Report-Checksum: BE9EC54C

    + Scan result:

    HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\adm.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{0AB71193-EC19-4D70-85C2-E46E2FF02755}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{40D8240A-E3A0-4D59-AC55-0443120188D1}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{420C35C9-E4F2-49F9-BF67-2BE1ECF86989}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{49C3014F-03ED-4634-9FB2-2881F2C7A057} -> Spyware.SuperBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4F9D4163-23F0-42E1-AFDA-4C1A6F8607E7} -> Spyware.SuperBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{9FF56D85-DB4F-4267-B669-8D05B0BF9A04}\TypeLib\\ -> Spyware.eZula : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{CF1E49B3-24A6-4B17-94BE-C25102E3BF04} -> Spyware.SuperBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{FAC94900-96D9-47fa-BA33-7EF1BBFBBCEC}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtHostIE.Bho -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbTools.HbtCommBand -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbTools.HbtCommBand.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtTools.HbMain -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtTools.HbMain.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\Interface\{023A4648-601A-4C30-8A2E-C72EBFA99AF6}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
     
  9. aaxxeell

    aaxxeell Regular member

    Liittynyt:
    28.07.2005
    Viestejä:
    2,145
    Kiitokset:
    0
    Pisteet:
    46
    Jäi vielä muutama:

    Fixaa:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ldmwsoldbsmax.net/VVGy7vSMbsDMvaBullFRVlB2gQNmEiPaODpq...
    O2 - BHO: (no name) - {356D535A-0484-4275-8A67-2285F3C5AA4E} - C:\WINDOWS\System32\dmrserver.dll (file missing)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27dc6825b29ba76bbe05/netzip/RdxIE601.cab
    ----------------------------------------------------------------------------------
    Vinkkinä:

    Selaimeksi muu kuin Internet Explorer:
    Firefox: http://www.mozilla.org/products/firefox/ tai
    Opera: http://www.opera.com/

    SpywareBlaster
    Estää haitallisten activeX ja evästeiden asentumisen koneelle.
    Lataa -> http://www.javacoolsoftware.com/spywareblaster.html
    Ohjeet -> http://keskustelu.afterdawn.com/thread_view.cfm/221085
    ------------------------------------------------------------------------------------
    eScan:illa läpi vielä kone:
    Ohjeet ja lataus -> http://koti.mbnet.fi/pattaya1/escanmwav.htm
    Päivitä ja Scannaa koko kone sivun ohjeiden mukaan.
    Lähetä örkki tulokset (alempi laatikko) + uusi hjt!
     
  10. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Hmmm, kun toi search bar-juttu ei lähteny, niin siellä voi olla "lopjob" takana. Tees aaxxeellin ohjeiden lisäks näin:

    Hae findlop -> http://metallica.geekstogo.com/findlop.zip

    Pura ja tuplaklikkaa findlop.bat
    Logi löytyy tuolta C:\findlop.txt, lähetä se tänne.
     
  11. Aras88

    Aras88 Regular member

    Liittynyt:
    21.05.2005
    Viestejä:
    114
    Kiitokset:
    0
    Pisteet:
    26
    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'Symantec NetDetect.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
    Parameters: ''
    WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
    Comment: 'Symantec NetDetect'
    Creator: 'SYSTEM'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 11/24/2005 23:14:00
    NextRun: 11/25/2005 11:14:00
    StartError: S_OK
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 11/25/2005
    EndDate: 00/00/0000
    StartTime: 03:14
    MinutesDuration: 1440
    MinutesInterval: 240
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


    [TRACE] Activating job 'AE14984A91870C52.job'
    [TRACE] Printing all job properties

    ApplicationName: 'c:\docume~1\arman\applic~1\siteid~1\NewActiveDog.exe'
    Parameters: ''
    WorkingDirectory: ''
    Comment: ''
    Creator: 'arman'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 08/20/2005 20:00:00
    NextRun: 11/25/2005 11:00:00
    StartError: 0x80070005
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 1
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 10/06/1996
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


     
  12. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Näin ajattelinkin :)

    Fixaa ensin HjT:llä nuo aaxxeellin sanomat jutut (toi R1-rivi voi olla jo erinäköinen, mutta se "nettiosoite" on kuitenkin siansaksaa)

    Hae KillBox

    http://www.bleepingcomputer.com/files/spyware/KillBox.zip

    Pura,avaa ja täppi kohtaan [bold]Delete on Reboot[/bold]
    Sitten kopioi rivi tosta alapuolelta

    C:\WINDOWS\Tasks\AE14984A91870C52.job

    Sitten KillBoxissa ylhäältä File > Paste from Clipboard
    Sen jälkeen paina Delete (punainen, jossa on valkonen X)
    Vastaa myöntävästi kysymyksiin ja jos kone ei itestään käynnisty uudestaan,niin käynnistä se.

    Lähetä sen jälkeen uusi Hijack-logi.
     
  13. Aras88

    Aras88 Regular member

    Liittynyt:
    21.05.2005
    Viestejä:
    114
    Kiitokset:
    0
    Pisteet:
    26
    joo mä tein toon homman killboxilla ja käynnistin koneen ja tässä on se uus hijack-logi




    Logfile of HijackThis v1.99.1
    Scan saved at 11:34:23, on 25.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\BACKWE~1.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\YAPLOCK\YaplockTray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Warez P2P Client\warez.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Kevin\Omat tiedostot\Hijack\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [FLMK08KB] C:\Documents and Settings\arman\Työpöytä\MMKEYBD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YaplockTray.exe] C:\PROGRA~1\YAPLOCK\YaplockTray.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: FS BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
     
  14. Zipp2

    Zipp2 Regular member

    Liittynyt:
    30.09.2005
    Viestejä:
    376
    Kiitokset:
    0
    Pisteet:
    26
    Scannasikko Ewidolla vikasietotilassa...logissa erroreita Altnet ja Hotbar.
     
  15. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Loki on ok. Toi Warez P2P Client ei ole kovin suositeltava p2p-ohjelma, sen mukana tulee spywarea ja muuta roskaa. Mutta jos välttämättä haluat käyttää sitä, en estä ;)
     
  16. Aras88

    Aras88 Regular member

    Liittynyt:
    21.05.2005
    Viestejä:
    114
    Kiitokset:
    0
    Pisteet:
    26
    ok! kiitos avusta ja neuvosta ;)
     
  17. Aras88

    Aras88 Regular member

    Liittynyt:
    21.05.2005
    Viestejä:
    114
    Kiitokset:
    0
    Pisteet:
    26
    ai niin ja yks juttu vielä kun tää kone ei oo mun vaan yhen mun kaverin niin kun se yrittää messengerillä vastaan ottaa tiedostoja sen koneen palomuuri estää vastaan ottamaan tiedostoja.

    ja en oikee tiedä kuinka korjata asian?:/

     
  18. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Tarkoitatko, et mp3- ja exe-tiedostot ei tule perille? Siihen auttaa a-patch -> http://apatch.tk
     
  19. Aras88

    Aras88 Regular member

    Liittynyt:
    21.05.2005
    Viestejä:
    114
    Kiitokset:
    0
    Pisteet:
    26
    Mä latasin tään a-patch ohjelman mut mitä mun pitää siis tehdä ku tässä on jotain remove text box ja semmmoista?!
     
  20. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    Valitse sieltä a-patchista "Remove File Transfer Protection". Sillä saa myös mainokset ym. pois, jos haluaa.
     
  21. Aras88

    Aras88 Regular member

    Liittynyt:
    21.05.2005
    Viestejä:
    114
    Kiitokset:
    0
    Pisteet:
    26
    siis kyllä ne mp3-tiedostot ja muut tulee perille mut sit tulee tiedote et palomuuri ei muka anna avata niitä ku siin voi olla virus riski?! :/

    ainakin mun kaveri sano niin ku tää ei oo mun kone vaan kaverini ja yritän korjata sitä.
     

Jaa tämä sivu