HJT log

Thread in the Viruses and malware section. Started by manix51 on 01.01.2006.

  1. manix51

    Does anyone here still look at these? I've tried every other trick, but the browser (ExP) still keeps loading the wrong home page...

    Thanks in advance...
    ---------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 15:31:16, on 1.1.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Winamp\winampa.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\d3cl.exe
    C:\WINDOWS\system32\ipkp32.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Class - {15441FF2-7B4A-9558-4AB1-B594DAA19E8A} - C:\WINDOWS\system32\d3wt.dll (file missing)
    O2 - BHO: Class - {1801F44A-11C5-3365-9CE5-4056514DC0D7} - C:\WINDOWS\system32\atlip.dll (file missing)
    O2 - BHO: Class - {39C21146-72F9-C00B-D47C-F100644447AE} - C:\WINDOWS\mskk32.dll (file missing)
    O2 - BHO: Class - {3AF7AF61-E9EC-FF85-4730-D2B5711A9B30} - C:\WINDOWS\ipsf32.dll
    O2 - BHO: Class - {41196237-BC88-9E50-C0A8-41D2474D43DF} - C:\WINDOWS\sysfd32.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Class - {5C72B122-9904-E5BD-4093-348A5AD1BEF5} - C:\WINDOWS\crpb32.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Class - {98BEE562-A984-68F6-3C3D-5BA8C901DC71} - C:\WINDOWS\system32\atlzb32.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Class - {AE963F47-BC89-BD0D-3AE9-19865D9B1BB7} - C:\WINDOWS\system32\ntrf.dll (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: Class - {DE09C871-7AD6-BF98-DB2E-7655E7D848F1} - C:\WINDOWS\system32\mfchj.dll (file missing)
    O2 - BHO: Class - {FCB8770E-2441-C956-E35E-C9C4850ADE15} - C:\WINDOWS\system32\iety32.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [msow.exe] C:\WINDOWS\system32\msow.exe
    O4 - HKLM\..\Run: [17.tmp] C:\DOCUME~1\Severi\LOCALS~1\Temp\17.tmp.exe
    O4 - HKLM\..\Run: [17.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\17.tmp.exe
    O4 - HKLM\..\Run: [16.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\16.tmp.exe
    O4 - HKLM\..\Run: [20.tmp] C:\DOCUME~1\Severi\LOCALS~1\Temp\20.tmp.exe
    O4 - HKLM\..\Run: [20.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\20.tmp.exe
    O4 - HKLM\..\Run: [36.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\36.tmp.exe
    O4 - HKLM\..\Run: [42.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\42.tmp.exe
    O4 - HKLM\..\Run: [d3xq.exe] C:\WINDOWS\d3xq.exe
    O4 - HKLM\..\Run: [javafk.exe] C:\WINDOWS\javafk.exe
    O4 - HKLM\..\Run: [sdkar.exe] C:\WINDOWS\system32\sdkar.exe
    O4 - HKLM\..\Run: [d3cl.exe] C:\WINDOWS\system32\d3cl.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipkp32.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  3. -kemisti-

    Yeah, that's a pretty nasty critter.

    Make hidden files visible -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Get CWShredder from here -> http://www.intermute.com/spysubtract/cwshredder_download.html

    Update it, but don't use it yet

    Get aboutbuster -> http://koti.mbnet.fi/pattaya1/aboutbuster.htm , update it, but don't use that one yet either.

    Get Registrar Lite -> http://www.resplendence.com/reglite/ and install it to the directory C:\Program Files\RegLite\ .

    Download and install Ewido -> http://www.ewido.net/en/download/
    Update it, but don't use it yet.

    Boot into safe mode (F8 during startup)

    End these processes from the file manager:

    C:\WINDOWS\system32\d3cl.exe (so it will probably show up as just d3cl.exe)
    C:\WINDOWS\system32\ipkp32.exe (so it will probably show up as just ipkp32.exe)

    Delete the following files, if found:

    C:\WINDOWS\system32\zpxjv.dll
    C:\WINDOWS\system32\d3wt.dll
    C:\WINDOWS\system32\atlip.dll
    C:\WINDOWS\mskk32.dll
    C:\WINDOWS\ipsf32.dll
    C:\WINDOWS\sysfd32.dll
    C:\WINDOWS\crpb32.dll
    C:\WINDOWS\system32\atlzb32.dll
    C:\WINDOWS\system32\ntrf.dll
    C:\WINDOWS\system32\mfchj.dll
    C:\WINDOWS\system32\iety32.dll
    C:\WINDOWS\system32\msow.exe
    C:\DOCUME~1\Severi\LOCALS~1\Temp\17.tmp.exe
    C:\DOCUME~1\Severi\LOCALS~1\Temp\16.tmp.exe
    C:\DOCUME~1\Severi\LOCALS~1\Temp\20.tmp.exe
    C:\DOCUME~1\Severi\LOCALS~1\Temp\36.tmp.exe
    C:\DOCUME~1\Severi\LOCALS~1\Temp\42.tmp.exe
    C:\WINDOWS\d3xq.exe
    C:\WINDOWS\javafk.exe
    C:\WINDOWS\system32\sdkar.exe
    C:\WINDOWS\system32\d3cl.exe
    C:\WINDOWS\system32\ipkp32.exe

    Then close all programs and start HijackThis. Check these and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {15441FF2-7B4A-9558-4AB1-B594DAA19E8A} - C:\WINDOWS\system32\d3wt.dll (file missing)
    O2 - BHO: Class - {1801F44A-11C5-3365-9CE5-4056514DC0D7} - C:\WINDOWS\system32\atlip.dll (file missing)
    O2 - BHO: Class - {39C21146-72F9-C00B-D47C-F100644447AE} - C:\WINDOWS\mskk32.dll (file missing)
    O2 - BHO: Class - {3AF7AF61-E9EC-FF85-4730-D2B5711A9B30} - C:\WINDOWS\ipsf32.dll
    O2 - BHO: Class - {41196237-BC88-9E50-C0A8-41D2474D43DF} - C:\WINDOWS\sysfd32.dll (file missing)
    O2 - BHO: Class - {5C72B122-9904-E5BD-4093-348A5AD1BEF5} - C:\WINDOWS\crpb32.dll (file missing)
    O2 - BHO: Class - {98BEE562-A984-68F6-3C3D-5BA8C901DC71} - C:\WINDOWS\system32\atlzb32.dll (file missing)
    O2 - BHO: Class - {AE963F47-BC89-BD0D-3AE9-19865D9B1BB7} - C:\WINDOWS\system32\ntrf.dll (file missing)
    O4 - HKLM\..\Run: [msow.exe] C:\WINDOWS\system32\msow.exe
    O4 - HKLM\..\Run: [17.tmp] C:\DOCUME~1\Severi\LOCALS~1\Temp\17.tmp.exe
    O4 - HKLM\..\Run: [17.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\17.tmp.exe
    O4 - HKLM\..\Run: [16.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\16.tmp.exe
    O4 - HKLM\..\Run: [20.tmp] C:\DOCUME~1\Severi\LOCALS~1\Temp\20.tmp.exe
    O4 - HKLM\..\Run: [20.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\20.tmp.exe
    O4 - HKLM\..\Run: [36.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\36.tmp.exe
    O4 - HKLM\..\Run: [42.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\42.tmp.exe
    O4 - HKLM\..\Run: [d3xq.exe] C:\WINDOWS\d3xq.exe
    O4 - HKLM\..\Run: [javafk.exe] C:\WINDOWS\javafk.exe
    O4 - HKLM\..\Run: [sdkar.exe] C:\WINDOWS\system32\sdkar.exe
    O4 - HKLM\..\Run: [d3cl.exe] C:\WINDOWS\system32\d3cl.exe
    O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipkp32.exe

    Then Start -> Run -> services.msc -> OK
    Find Workstation NetLogon Service in the list, double-click it, press Stop and set the startup type to "Disabled"

    CLOSE ALL WINDOWS except CWShredder

    Run the program by pressing Fix and let it fix everything it finds.

    Scan with aboutbuster twice and save the log.

    Scan with Ewido and let it remove whatever it finds. Save the log and post it here.

    Start the computer normally

    Post the HijackThis, aboutbuster and Ewido logs.

    Last edited: 01.01.2006
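
Added example, not part of the original posts and not HijackThis's own logic: a small Python triage pass over a HijackThis log that flags the kinds of entries -kemisti- selected for fixing above. The rules are assumptions generalized from that fix list, and they only produce leads: the excerpt's ATI Smart service is flagged as "Unknown owner" although it was left in place in this thread.

```python
import re

# Excerpt of the first HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zpxjv.dll/sp.html#88449%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {15441FF2-7B4A-9558-4AB1-B594DAA19E8A} - C:\WINDOWS\system32\d3wt.dll (file missing)
O2 - BHO: Class - {3AF7AF61-E9EC-FF85-4730-D2B5711A9B30} - C:\WINDOWS\ipsf32.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [17.tmp.exe] C:\DOCUME~1\Severi\LOCALS~1\Temp\17.tmp.exe
O4 - HKLM\..\Run: [d3xq.exe] C:\WINDOWS\d3xq.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipkp32.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# "<section id> - <entry text>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# A .dll/.exe sitting directly in C:\WINDOWS or C:\WINDOWS\system32.
WINDIR_RE = re.compile(r"C:\\WINDOWS\\(?:system32\\)?[^\\]+\.(?:dll|exe)", re.I)
RUN_RE = re.compile(r"Run: \[(.+?)\] (.+)$")


def reasons(section, body):
    """Yield heuristic reasons (assumptions of this example) to look closer at an entry."""
    low = body.lower()
    in_windir = WINDIR_RE.search(body) is not None
    if section in ("R0", "R1"):
        if "res://" in low and in_windir:
            yield "IE search/start setting served from a DLL resource in the Windows directory"
    elif section == "O2":
        if low.endswith("(file missing)"):
            yield "BHO registration whose DLL is missing"
        elif body.startswith("BHO: Class - ") and in_windir:
            yield "BHO with the generic name 'Class' loaded from the Windows directory"
    elif section == "O4":
        m = RUN_RE.search(body)
        if m:
            name, command = m.group(1).lower(), m.group(2).lower()
            if "\\temp\\" in command:
                yield "autorun entry starting a program from a Temp directory"
            elif in_windir and command.rsplit("\\", 1)[-1] == name:
                yield "Run value named after its own binary in the Windows directory"
    elif section == "O23":
        if "unknown owner" in low:
            yield "service binary with no vendor information (Unknown owner)"


def triage(log_text):
    """Return (section, reason, entry) tuples for log entries that match a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, body = m.groups()
            findings.extend((section, r, body) for r in reasons(section, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n      {body}")
```
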
  4. manix51

    Logfile of HijackThis v1.99.1
    Scan saved at 17:34:49, on 1.1.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\explorer.exe
    C:\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 17:31:31, 1.1.2006
    + Report-Checksum: 7955248B

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{04CB6006-AB79-1366-4EF1-BFF815B874EE} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{1323178D-09E3-B628-CC3A-95630B64B7DA} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{15E6172A-5F7D-3085-1E94-14DA8D1A4479} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{2A97DB56-E2B4-967C-AF9F-07FDF74289C2} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{2B284248-D0FE-C340-0D87-ABD55DD24BFA} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{2CAB7717-202B-8A26-BFD7-FA41EC47A745} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{3EA8A165-1EE8-2BEF-A8D1-9CDBD760FC43} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4095AAF5-BAD2-A97D-D64C-566A52E35C2E} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{47DA2122-90A1-597C-94D7-20963F392761} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{5345A51F-E5D0-5A0D-1418-A1C95C417E3C} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{5932F9CB-E60E-11C7-5BA5-2CD8198CBDB4} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{5C2B2D9C-60FC-5F4C-5894-68EB7DFA3935} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{61682029-A490-5C49-D9FD-682FB2DA97AF} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{8424A742-21C5-E92B-D6A5-2B565D796258} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{86B29A5F-CB91-3C3D-28A2-EDA38C1F28A8} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{8D1DF6CE-07E4-C211-83F6-537E054EDC98} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{8E183E4D-1A0C-3195-3741-BBEABE2CBCD0} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{983BCD03-BAD0-48DD-7123-2CEA9002484D} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{AAC06F6E-F261-4E44-CF1D-B1EA9712EF4B} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{AB537FC9-E3D4-FBBF-80FD-2CDE0ABCC38B} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{B5423394-16FB-1F60-5AF9-6CAF30B35009} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{BA5E5B3E-BB1D-2938-3E93-1C81F766E7AB} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{BAA4A995-E881-38F6-1E95-AF9F2785FBB3} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{C2592E32-BC17-88BD-429F-D90632EDB3F1} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{C2E5E32B-0FD0-16A5-10FE-EDA2D4478683} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{C2FE095E-5BA7-FBC8-5387-2878C932A44F} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{D223F02D-058E-2CFE-D02D-81826009252B} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{DFC94122-75A0-85E3-3738-430A8B983C39} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{EA8D7DFA-04BF-99E7-595C-535DC7F0EFBA} -> Spyware.CoolWebSearch : Cleaned with backup
    C:\Documents and Settings\Severi\Cookies\severi@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup


    ::Report End

    Here they are... Aboutbuster didn't run to completion, it complained about a corrupted file..comcti32.ocx.

    The browser at least works and the machine is otherwise OK..
     
  5. -kemisti-

    The HJT log is OK. I'm just wondering why ZoneAlarm and AntiVir aren't running?
    Or was that HJT log taken in safe mode? You did restart the computer before taking the log, right? If not, send a new HJT log.
    And then off to Windows Update, on the double :)
     
  6. winxp

    Hi

    Is the file really called comcti32.ocx, or could it be comctl32.ocx after all?

    Take a look in the folder where you installed AboutBuster; you should find the file Read Me.rtf there, and read it carefully. Among other things it contains the following
    PS. IMPORTANT! Get your computer's updates in order once it has been cleaned of these "critters".
     
  7. winxp

    You beat me to it ;)
     
  8. manix51

    Thanks ...

    Yeah, I did indeed take that HJT log in safe mode.. but apparently that doesn't matter..

    The .ocx is probably comctl32.ocx :)) I'll check it..

    Anyway, the machine works now...
     
  9. pclekuri

    manix, I guess you don't have any SP "crap packs" at all? :) For goodness' sake install at least one.. I could be wrong, though; I looked and didn't see one in your log.. or else I'm blind.. :p
     
  10. spertti

    @pclekuri....

    -kemisti- and winxp only just mentioned this, but now at the latest the message has got through =)

    Let me add mine too. @manix51 Off to Windows Update right now!
     
  11. -kemisti-

    @manix51: Then send one more HJT log, taken in normal mode.
     
