critical system error

Thread in the Viruses and malware - HijackThis logs section. Thread started by finbase58 on 01.10.2006.

Thread status:
The thread is closed.
  1. finbase58

    A question mark / prohibition sign is blinking in the taskbar, and clicking it takes you to websites that offer virus programs. What could be wrong?

    HJT:
    Logfile of HijackThis v1.99.1
    Scan saved at 23:02:03, on 1.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\VideosCodec\isamonitor.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Documents and Settings\Sakke\Omat tiedostot\Omat musiikkitiedostot\Musiikki ohjelmat\Winamp\winampa.exe
    C:\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\VideosCodec\pmmon.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Netropa\InetKb\Inetkb.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG07.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\F-Secure\Anti-Virus\fsgk32st.exe
    C:\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\F-Secure\Anti-Virus\FSGK32.EXE
    C:\F-Secure\Common\FSMA32.EXE
    C:\F-Secure\Anti-Virus\fssm32.exe
    C:\F-Secure\Common\FSMB32.EXE
    C:\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\System32\svchost.exe
    C:\F-Secure\Common\FCH32.EXE
    C:\F-Secure\Common\FAMEH32.EXE
    C:\F-Secure\Common\FNRB32.EXE
    C:\F-Secure\FWES\Program\fsdfwd.exe
    C:\F-Secure\Common\FIH32.EXE
    C:\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Sakke\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
    C:\DOCUME~1\Sakke\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
    C:\Program Files\VideosCodec\isamini.exe
    C:\Program Files\Windows ServeAd\WinServAd.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\VideosCodec\isaddon.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\VideosCodec\iesplugin.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Sakke\Omat tiedostot\Omat musiikkitiedostot\Musiikki ohjelmat\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\F-Secure\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm352YYFI
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O21 - SSODL: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - C:\WINDOWS\system32\titiau.dll
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\F-Secure\Common\FSMA32.EXE
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


    -------------------------------------------------------------
    And here:
    SmitFraudFix v2.104

    Scan done at 22:55:59,35, su 01.10.2006
    Run from C:\Documents and Settings\Sakke\Työpöytä\Uusi kansio\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\titiau.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sakke


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sakke\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sakke\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\VideosCodec\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}"="eeler"

    [HKEY_CLASSES_ROOT\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}\InProcServer32]
    @="C:\WINDOWS\system32\titiau.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}\InProcServer32]
    @="C:\WINDOWS\system32\titiau.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    THANKS in advance for your reply!

  3. -kemisti-

    Remove via Add/Remove Programs:

    Windows ServeAd

    Fix these:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm352YYFI


    Boot your computer into Safe Mode and select your regular user account.

    Delete:

    C:\Program Files\Windows ServeAd


    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

    The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it does not, restart into normal Windows.
    A text file appears after the cleaning process; copy & paste the results of this report into your reply.
    The report is on your local disk, usually at C:\rapport.txt.

    Post its contents and a new HJT log here.
     
  4. finbase58

    Here is the report. At least now the computer seems clean and there are no extra icons in the taskbar. Thanks for the advice.

    SmitFraudFix v2.104

    Scan done at 17:54:36,03, ma 02.10.2006
    Run from C:\Documents and Settings\Sakke\Työpöytä\SitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}"="eeler"

    [HKEY_CLASSES_ROOT\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}\InProcServer32]
    @="C:\WINDOWS\system32\titiau.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}\InProcServer32]
    @="C:\WINDOWS\system32\titiau.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\titiau.dll -> Hoax.Win32.Renos.gen.e
    C:\WINDOWS\system32\titiau.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    Problem while deleting C:\Program Files\VideosCodec\

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Reboot

    C:\Program Files\VideosCodec Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» End
    ---------------------------------------------------
    And here is the new one
    Logfile of HijackThis v1.99.1
    Scan saved at 16:36:00, on 3.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Documents and Settings\Sakke\Omat tiedostot\Omat musiikkitiedostot\Musiikki ohjelmat\Winamp\winampa.exe
    C:\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Netropa\InetKb\Inetkb.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\F-Secure\Anti-Virus\fsgk32st.exe
    C:\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\F-Secure\Anti-Virus\FSGK32.EXE
    C:\F-Secure\Common\FSMA32.EXE
    C:\F-Secure\Anti-Virus\fssm32.exe
    C:\F-Secure\Common\FSMB32.EXE
    C:\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\System32\svchost.exe
    C:\F-Secure\Common\FCH32.EXE
    C:\F-Secure\Common\FAMEH32.EXE
    C:\F-Secure\Common\FNRB32.EXE
    C:\F-Secure\FWES\Program\fsdfwd.exe
    C:\F-Secure\Common\FIH32.EXE
    C:\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\VideosCodec\isaddon.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Sakke\Omat tiedostot\Omat musiikkitiedostot\Musiikki ohjelmat\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\F-Secure\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm352YYFI
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\F-Secure\Common\FSMA32.EXE
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

     
  5. -kemisti-

    Open HijackThis, click "Do a system scan only", tick the boxes in front of these lines and press "Fix checked":

    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\VideosCodec\isaddon.dll (file missing)
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm352YYFI

    Update Java.

    Restart and post a new HJT log.
     
  6. finbase58

    All right, everything should now be done according to the instructions, and here is a new log to look at.
    Thanks for your trouble :)

    Logfile of HijackThis v1.99.1
    Scan saved at 19:56:46, on 6.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Documents and Settings\Sakke\Omat tiedostot\Omat musiikkitiedostot\Musiikki ohjelmat\Winamp\winampa.exe
    C:\F-Secure\Common\FSM32.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Netropa\InetKb\Inetkb.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\F-Secure\Anti-Virus\fsgk32st.exe
    C:\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\F-Secure\Anti-Virus\FSGK32.EXE
    C:\F-Secure\Common\FSMA32.EXE
    C:\F-Secure\Anti-Virus\fssm32.exe
    C:\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\F-Secure\Common\FCH32.EXE
    C:\F-Secure\Common\FAMEH32.EXE
    C:\F-Secure\Common\FNRB32.EXE
    C:\F-Secure\FWES\Program\fsdfwd.exe
    C:\F-Secure\Common\FIH32.EXE
    C:\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Sakke\Omat tiedostot\Omat musiikkitiedostot\Musiikki ohjelmat\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\F-Secure\TNB\TNBUtil.exe" /CHECKALL
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\F-Secure\Common\FSMA32.EXE
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


     
  7. -kemisti-

    Yep, looks good. Any more problems?
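
The comparison done by eye across the follow-up logs in this thread can be scripted. This is an added example, not part of any post here and not code from HijackThis or SmitfraudFix: it parses HijackThis entry lines, reports which lines from a helper's fix list are still present in a later log, and lists entries marked "(file missing)". The function names are hypothetical; the sample data is abridged from lines posted above, with a trailing `[/b]` forum tag kept on one fix-list line to exercise the clean-up.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)
BBCODE_TAIL_RE = re.compile(r"\[/b\]\s*$", re.IGNORECASE)  # forum markup residue


def parse_entries(text):
    """Return {(code, normalized body): (clean line, file_missing flag)}."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code = m.group(1)
        body = BBCODE_TAIL_RE.sub("", m.group(2)).strip()
        missing = bool(MISSING_RE.search(body))
        # Compare entries without the "(file missing)" suffix, so an entry whose
        # file was deleted but whose registry value remains still counts as present.
        body = MISSING_RE.sub("", body).strip()
        entries[(code, body.lower())] = (f"{code} - {body}", missing)
    return entries


def still_present(fix_list, followup_log):
    """Fix-list lines that the follow-up log still contains, in fix-list order."""
    after = parse_entries(followup_log)
    return [line for key, (line, _) in parse_entries(fix_list).items() if key in after]


def orphaned(log):
    """Entries whose registry reference remains although the file is gone."""
    return [line for line, missing in parse_entries(log).values() if missing]


# Fix list as given in the first helper reply (abridged from this thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm352YYFI[/b]
"""

# Abridged excerpt of the log saved on 3.10.2006.
LOG_3_OCT = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\VideosCodec\isaddon.dll (file missing)
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm352YYFI
"""

# Abridged excerpt of the log saved on 6.10.2006.
LOG_6_OCT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for label, log in (("3.10.2006", LOG_3_OCT), ("6.10.2006", LOG_6_OCT)):
        print(f"Log of {label}")
        for line in still_present(FIX_LIST, log):
            print("  still present:", line)
        for line in orphaned(log):
            print("  file missing :", line)
```

On the 3.10. excerpt this reports the two Run values and the O8 item as still present and the VideosCodec BHO as an orphaned reference, which matches the second fix list posted in the thread; the 6.10. excerpt reports nothing.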
     
  8. finbase58

    No problem, thanks for the help!
     
  9. klapa

    A "Critical system error!" is also blinking at the bottom right of my screen. How do I get rid of it? I have tried using SmitfraudFix and Xoft Spy ????
    Here is HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 15:24:51, on 19.10.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\vsnpstd3.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\System32\zstatus.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\koti\Työpöytä\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sampo.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{FB08F~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{FB08F~1\reboot.ini
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144935678078
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


    Gratefully waiting
    Klapa
     
  10. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    @Klapa: which version of SmitfraudFix is it? If it is older than 2.110, delete it first.

    Download SmitfraudFix (c) S!Ri
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract the contents (a folder named SmitfraudFix) to your desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open, listing the infected files (if any).
    Post the contents of this text file in your thread.
     
  11. klapa

    klapa Member

    Joined:
    19.10.2006
    Messages:
    5
    Thanks:
    0
    Points:
    11
    SmitFraudFix v2.81

    Scan done at 15:45:57,31, to 19.10.2006
    Run from C:\Documents and Settings\koti\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Myllymäki\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MYLLYM~1\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

    [HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
    @="C:\WINDOWS\system32\gqagksr.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
    @="C:\WINDOWS\system32\gqagksr.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  12. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    @Klapa: delete that SmitfraudFix, it is an ancient version and does not recognize what you have; then download the latest version from the link I gave. Then follow my previous instructions :)
     
    Last edited: 19.10.2006
  13. klapa

    klapa Member

    Joined:
    19.10.2006
    Messages:
    5
    Thanks:
    0
    Points:
    11
    SmitFraudFix v2.110

    Scan done at 15:54:52,31, to 19.10.2006
    Run from C:\Documents and Settings\koti\Työpöytä\SmitfraudFix2\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\gqagksr.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Myllymäki


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Myllymäki\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MYLLYM~1\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\SoftCodec\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

    [HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
    @="C:\WINDOWS\system32\gqagksr.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
    @="C:\WINDOWS\system32\gqagksr.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  14. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Print out these instructions.

    Boot your computer into Safe Mode and select your regular user account.

    Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

    The tool will check whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it does not, restart into normal Windows.
    A text file will appear after the cleaning process; copy & paste the contents of this report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt.

    Post its contents and a new HJT log here.
     
  15. klapa

    klapa Member

    Joined:
    19.10.2006
    Messages:
    5
    Thanks:
    0
    Points:
    11
    SmitFraudFix v2.110

    Scan done at 16:03:58,68, to 19.10.2006
    Run from C:\Documents and Settings\koti\Työpöytä\SmitfraudFix2\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

    [HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
    @="C:\WINDOWS\system32\gqagksr.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
    @="C:\WINDOWS\system32\gqagksr.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\gqagksr.dll -> Hoax.Win32.Renos.gen.e
    C:\WINDOWS\system32\gqagksr.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\Program Files\SoftCodec\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  16. klapa

    klapa Member

    Joined:
    19.10.2006
    Messages:
    5
    Thanks:
    0
    Points:
    11
    It works now!
    Many thanks.
    Klapa
     
  17. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    @klapa: You're welcome :)
     