
CPU usage 100%

Thread in the Viruses and malware section. Started by Kaakatus on 25.09.2005.

  1. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Yeah, it seems to be congested. Most of those ewido findings are probably just cookies (at least I hope so ;)
     
  3. Kaakatus

    Kaakatus Regular member

    Joined:
    29.06.2005
    Messages:
    1,776
    Thanks:
    0
    Points:
    46
    Yeah, it's reporting all sorts of cookies.
     
  4. Kaakatus

    Kaakatus Regular member

    Joined:
    29.06.2005
    Messages:
    1,776
    Thanks:
    0
    Points:
    46
    Here's the Ewido log as well. When the scan finished it reported that it could not remove the files mentioned above, but I let it delete the whole folder.


    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 18:03:49, 26.9.2005
    + Report-Checksum: 3243D64B

    + Scan result:

    :mozilla.7:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.86:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.108:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.112:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.122:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.140:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.141:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.146:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.148:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
    :mozilla.165:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.183:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.197:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.198:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.214:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.215:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.216:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.217:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.218:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.231:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.232:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.233:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.234:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.235:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.236:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.237:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.238:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.239:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.246:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.247:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.267:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.293:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.294:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.299:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.302:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.303:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.304:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.314:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.333:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.351:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Xhit : Cleaned with backup
    :mozilla.355:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.358:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.366:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.367:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.368:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.379:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.380:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.394:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
    :mozilla.403:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\a4n6p4sy.default\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup
    D:\build\filerepository\Microsoft-Windows-CoreUserModePnp-DriverCab_4e9013d9\driver.cab/pctspk.exe -> Worm.Bobic.k : Error during cleaning
    D:\System Volume Information\_restore{C6641566-548E-48A0-B121-91A77CBD83AB}\RP155\A0032180.exe -> Spyware.MyWebSearch : Cleaned with backup
    D:\Windows\Driver Cache\i386\driver.cab/pctspk.exe -> Worm.Bobic.k : Error during cleaning
    D:\Windows\WinSxS\x86_microsoft-windows-c..ermodepnp-drivercab_31bf3856ad364e35_6.0.5112.0_neutral_81468488fc3eb132\driver.cab/pctspk.exe -> Worm.Bobic.k : Error during cleaning


    ::Report End
     
  5. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Yeah, there's nothing else in there but those Worm Bobic.K lines. Try checking those files at Jotti, as soon as you can get through to it.
     
  6. Kaakatus

    Kaakatus Regular member

    Joined:
    29.06.2005
    Messages:
    1,776
    Thanks:
    0
    Points:
    46
    Okay, the problem is solved. A little while ago I got into playing around with skins. Then I switched from Style XP to Windowsblinds. It worked for a while, until in my messing around I mixed the skins up somewhat and, for example, the Start bar would do nothing but change colour. Well, I figured it would get fixed at some point. Then the night before last I set C: to defragment. In the morning, when I restarted the machine, it was completely stuck, until just now I thought to turn Windowsblinds off just as a test. Things sped up right away. A BIG THANK YOU anyway to everyone who took the trouble to join the discussion.

    Edit: Minor errors
     
    Last edited: 26.09.2005
  7. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Ok. Good that it got sorted out :)
     
  8. zd_

    zd_ Member

    Joined:
    31.10.2004
    Messages:
    21
    Thanks:
    0
    Points:
    11
    Could you help me too with a similar problem, as I don't really understand any of this: the machine's CPU usage is at 98-100% all the time, even when nothing heavier than IRC is running. I have scanned the machine with Spybot-Search&Destroy and the AVG antivirus several times, and nothing is found.
    Here is the HijackThis log as well, in case it helps at all.


    Logfile of HijackThis v1.99.1
    Scan saved at 14:33:03, on 24.10.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Java\j2re1.4.1_02\bin\javaw.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\FinnishIRC XP\FIRC.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Opera75\opera.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe
    C:\hij\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lqyedjlkkrudlkzahz.com/R...VGhqSoeo/30uMD/OXKjVMUoNMO1/BHII/in_RKS7X.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ghxnousdkcsv.com/RQQNkzCtaQuloqGVVZ2KSDWfK4x8x_PluaEJ3oixyl4.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {95704215-9F67-08F6-2A2A-49ADA73933DD} - C:\DOCUME~1\Omistaja\APPLIC~1\MESSLO~1\comp iso.exe
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Math internet mess stupid] C:\Documents and Settings\All Users\Application Data\Bytebluemathinternet\Peak Book.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [stupid find user team] C:\Documents and Settings\All Users\Application Data\GlueBookStupidFind\about media.exe
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [TWO FORD] C:\DOCUME~1\Omistaja\APPLIC~1\OPTION~1\FUNK01ERROR.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     
  9. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    There are plenty of Lop entries in there, and Messenger Plus is the culprit.

    Uninstall via Add/Remove Programs:

    Messenger Plus! 3

    Fix with HjT (do a system scan only, tick these and press fix checked):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lqyedjlkkrudlkzahz.com/RQQNkzCtaQsODwuzbD9Jz_3VGhqSoeo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ghxnousdkcsv.com/RQQNkzCtaQuloqGVVZ2KSDWfK4x8x_PluaEJ3...
    O2 - BHO: (no name) - {95704215-9F67-08F6-2A2A-49ADA73933DD} - C:\DOCUME~1\Omistaja\APPLIC~1\MESSLO~1\comp iso.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Math internet mess stupid] C:\Documents and Settings\All Users\Application Data\Bytebluemathinternet\Peak Book.exe
    O4 - HKLM\..\Run: [stupid find user team] C:\Documents and Settings\All Users\Application Data\GlueBookStupidFind\about media.exe
    O4 - HKCU\..\Run: [TWO FORD] C:\DOCUME~1\Omistaja\APPLIC~1\OPTION~1\FUNK01ERROR.exe

    Make hidden files visible, instructions -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    Boot into Safe Mode (F8 during startup) and delete:

    C:\DOCUME~1\Omistaja\APPLIC~1\==>MESSLO~1<==
    C:\Program Files\==>Messenger Plus! 3<==
    C:\Documents and Settings\All Users\Application Data\==>Bytebluemathinternet<==
    C:\Documents and Settings\All Users\Application Data\==>GlueBookStupidFind<==
    C:\DOCUME~1\Omistaja\APPLIC~1\==>OPTION~1<==
    C:\Windows\==>ALCXMNTR.EXE<==

    Restart and post a new HjT log.

     
    Last edited: 24.10.2005
  10. zd_

    zd_ Member

    Joined:
    31.10.2004
    Messages:
    21
    Thanks:
    0
    Points:
    11
    How does it look now?

    Logfile of HijackThis v1.99.1
    Scan saved at 16:21:18, on 24.10.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hij\HijackThis.exe
    C:\Program Files\Opera75\opera.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dsaihxxygruvlpvhmozodhmm...GhqSoeo/30uMD/OXKjWmtOtBSgVlp4I/in_RKS7X.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
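
One way to check a follow-up HijackThis log against a fix list, as in the exchange above (an added example, not part of the thread and not HijackThis's own code). It matches entries by identity (registry value name, Run key name, BHO CLSID) instead of by whole line, so an entry that returned with a new value still counts as present; the helper names `parse_entry`, `verify_fix` and `leftovers` are hypothetical.

```python
import re

# Entries marked for "fix checked", copied from the thread
# (URLs stay truncated exactly as they appear on the page).
FIX_LIST = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lqyedjlkkrudlkzahz.com/RQQNkzCtaQsODwuzbD9Jz_3VGhqSoeo...",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ghxnousdkcsv.com/RQQNkzCtaQuloqGVVZ2KSDWfK4x8x_PluaEJ3...",
    r"O2 - BHO: (no name) - {95704215-9F67-08F6-2A2A-49ADA73933DD} - C:\DOCUME~1\Omistaja\APPLIC~1\MESSLO~1\comp iso.exe",
    r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE",
    r'O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"',
    r"O4 - HKLM\..\Run: [Math internet mess stupid] C:\Documents and Settings\All Users\Application Data\Bytebluemathinternet\Peak Book.exe",
    r"O4 - HKLM\..\Run: [stupid find user team] C:\Documents and Settings\All Users\Application Data\GlueBookStupidFind\about media.exe",
    r"O4 - HKCU\..\Run: [TWO FORD] C:\DOCUME~1\Omistaja\APPLIC~1\OPTION~1\FUNK01ERROR.exe",
]

# Excerpt of the follow-up log posted after the fix (lines copied from the thread).
AFTER_LOG = [
    "Running processes:",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dsaihxxygruvlpvhmozodhmm...GhqSoeo/30uMD/OXKjWmtOtBSgVlp4I/in_RKS7X.html",
    r"R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx",
    r"O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe",
    r'O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]


def parse_entry(line):
    """Split one HijackThis line into (identity key, value).

    Returns None for lines that are not R*/O* entries (headers, process list).
    """
    m = re.match(r"(R\d|O\d+) - (.+)$", line.strip())
    if not m:
        return None
    section, rest = m.groups()
    if section[0] == "R" and " = " in rest:
        # R0/R1: the registry value name identifies the entry, the URL is its value.
        name, value = rest.split(" = ", 1)
        return ("R", name.lower()), value
    if section == "O4":
        # O4: hive plus the [name] of the Run value identifies the autostart.
        run = re.match(r"(\S+): \[([^\]]+)\] (.+)$", rest)
        if run:
            return (section, run.group(1).lower(), run.group(2).lower()), run.group(3)
    if section == "O2":
        # O2: the CLSID identifies the Browser Helper Object.
        bho = re.search(r"(\{[0-9A-Fa-f-]{36}\}) - (.+)$", rest)
        if bho:
            return (section, bho.group(1).lower()), bho.group(2)
    # Anything else: fall back to the whole entry text as its identity.
    return (section, rest.lower()), rest


def verify_fix(fix_list, after_log):
    """Map each fixed entry's key to None (gone) or to its value in the new log."""
    after = {}
    for line in after_log:
        parsed = parse_entry(line)
        if parsed:
            after[parsed[0]] = parsed[1]
    report = {}
    for line in fix_list:
        parsed = parse_entry(line)
        if parsed:
            report[parsed[0]] = after.get(parsed[0])
    return report


def leftovers(report):
    """Keys of fixed entries that are still present in the follow-up log."""
    return [key for key, value in report.items() if value is not None]


if __name__ == "__main__":
    result = verify_fix(FIX_LIST, AFTER_LOG)
    for key in leftovers(result):
        print("still present:", key, "->", result[key])
```

Run on the lines above, the only leftover is the Internet Explorer Search Bar value, which in the follow-up log points at a different host than the one that was fixed.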

     
  11. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
  12. zd_

    zd_ Member

    Joined:
    31.10.2004
    Messages:
    21
    Thanks:
    0
    Points:
    11
    Not anymore. The problem is solved, thanks a lot :)
     
  13. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    You're welcome :)
     
