Wallpaper gone and the machine keeps warning about spyware??

Thread in the Viruses and malware section. Started by TooMuch, 06.12.2005.

  1. TooMuch

    TooMuch, Regular member (joined 23.08.2004, 116 messages, 0 thanks, 26 points)
    So.. I noticed that someone else has had the same problem: the wallpaper turns into a spyware warning, and every so often a yellow box saying "YOUR COMPUTER IS INFECTED!" pops up in the bottom right corner. Also, the home page keeps changing to "c:\secure32.html" even after I change it back.

    I tried to follow the advice given to others here and did the first steps the same way they were told to: I downloaded HijackThis, scanned with it and took a log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:41:32, on 6.12.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\wt\wcmdmgr.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\paytime.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\winstall.exe
    C:\WINDOWS\System32\paytime.exe
    C:\WINDOWS\System32\sywsvcs.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\cidaemon.exe
    C:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=17862&t=0&ce=DI&m=NDYyMDkzNTA5&ver=2.1.0.0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.0.1\SmrtShpr.dll (file missing)
    O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll (file missing)
    O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: 180search Toolbar - {93CECBB2-6B1B-448D-91B9-72604EF70105} - C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Media Access] C:\PROGRA~1\MEDIAA~1\MediaAccK.exe
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
    O4 - HKLM\..\RunOnce: [0006 - C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1"
    O4 - HKLM\..\RunOnce: [0007 - C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [modex] C:\WINDOWS\System32\modex.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Tuki - {03D1C9E4-278C-4D5C-A0A4-B7CD0A74CD94} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {29EDF730-43EA-45F0-A446-0934AF879926} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {DD404E7A-1755-4083-B78D-03A537C66F16} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/a1bin0us.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...24ea33ea35f4:f992a2588cd01150ad693e854e5c9a60
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c266.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35183CD9-48CB-48EC-BDBF-39C081545BA4}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{405E2D66-B7DF-4E2A-BC46-9568956B9672}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8807AF-9233-4CF8-976C-F30013E39665}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.114.5 85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{813805FE-494E-44BE-B590-29FD1D24CA4A}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA554C8F-D8DA-4C44-B65A-ED5C9AF5A22D}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D563BC21-0200-452B-90EA-E990DB60F793}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.114.5,85.255.112.112
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    So what should I do now? I read that you shouldn't go deleting things on your own, so hopefully someone can help.
     
  3. -kemisti-

    -kemisti-, Active member (joined 06.06.2005, 6,305 messages, 0 thanks, 96 points)
    Uninstall via Add/Remove Programs (Control Panel):

    180search Assistant
    Media Access

    Fix with HjT (do a system scan only, tick these and press Fix checked):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=17862&t=0&ce=DI&m=NDY...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.0.1\SmrtShpr.dll (file missing)
    O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll (file missing)
    O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
    O3 - Toolbar: 180search Toolbar - {93CECBB2-6B1B-448D-91B9-72604EF70105} - C:\Program Files\180search Assistant Programs\180search Toolbar\180ST.dll
    O4 - HKLM\..\Run: [Media Access] C:\PROGRA~1\MEDIAA~1\MediaAccK.exe
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/a1bin0us.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=638c04efabf409...
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab
    O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c266.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35183CD9-48CB-48EC-BDBF-39C081545BA4}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{405E2D66-B7DF-4E2A-BC46-9568956B9672}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8807AF-9233-4CF8-976C-F30013E39665}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.114.5 85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{813805FE-494E-44BE-B590-29FD1D24CA4A}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA554C8F-D8DA-4C44-B65A-ED5C9AF5A22D}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D563BC21-0200-452B-90EA-E990DB60F793}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.114.5,85.255.112.112
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.114.5,85.255.112.112
    O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)

    Show hidden files, instructions -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Boot into Safe Mode (F8 during startup) and delete:

    c:\==>secure32.html<==
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\==>ibm00001.exe<==
    C:\WINDOWS\Downloaded Program Files\==>sponsoradulto.dll<==
    C:\Program Files\==>180search Assistant Programs<==
    C:\PROGRA~1\==>MEDIAA~1<==
    C:\WINDOWS\System32\==>paytime.exe<==
    C:\==>winstall.exe<==
    C:\WINDOWS\System32\==>sywsvcs.exe<==

    Reboot.

    Get Fixwareout -> http://downloads.subratam.org/Fixwareout.exe
    Save it to some folder and run it. Follow the instructions and reboot the machine when the fix asks you to. The fix opens HjT; close it.

    Get ewido -> http://www.ewido.net/en/download

    Install, update, scan. Let it remove what it finds and save the report.

    Post a fresh HjT log, the contents of C:\fixwareout\report.txt and the ewido report here.

    And the wallpaper thing. Try this first: right-click the desktop -> Properties -> Desktop -> Customize Desktop. If there is some Security item on the Web tab, remove it.
     
    Last edited: 06.12.2005
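    The entries -kemisti- picked out of the log above fall into a few recognisable shapes: a browser page pointing at a file on disk, an F2 Shell= line that starts a second program beside explorer.exe, an autostart running from the drive root, O17 name servers the ISP never handed out, and a Winlogon Notify DLL that no longer exists. The Python below is an added example for this thread, not part of HijackThis or of anyone's post; it applies those checks to lines copied from the thread's log, and the expected name servers are constructed placeholders because the thread never says which resolvers the ISP actually uses.

```python
import re

# Name servers this machine is supposed to use. The ISP's real resolvers are not
# given in the thread, so these are constructed placeholders (RFC 5737 range).
EXPECTED_NAMESERVERS = {"192.0.2.53", "192.0.2.54"}

# Entries copied from the HijackThis logs posted in the thread, plus a clean R0
# line and clean O4/O23 lines so the checks have something to leave alone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.114.5 85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.114.5,85.255.112.112
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
TOKEN_RE = re.compile(r'"[^"]*"|\S+')  # a quoted path with spaces is one token


def tokens(cmdline):
    """Split a command line the way a Run value is read: quoted path = one token."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]


def check_browser_page(body):
    """R0/R1: Start Page, Default_Page_URL and Local Page should be URLs, not
    files on disk (the thread's fake warning page lives at c:\\secure32.html)."""
    _, sep, target = body.partition(" = ")
    if sep and re.match(r"^[a-zA-Z]:\\", target.strip()):
        return "browser page points at a local file: " + target.strip()
    return None


def check_shell(body):
    """F2: system.ini Shell= must launch explorer.exe and nothing else; anything
    appended is started at every logon in the shell's place."""
    m = re.match(r"REG:system\.ini: Shell=(.+)$", body)
    argv = tokens(m.group(1)) if m else []
    if not argv:
        return None
    if argv[0].lower() != "explorer.exe" or len(argv) > 1:
        return "Shell= launches extra program(s): " + ", ".join(argv[1:] or argv)
    return None


def check_run(body):
    """O4: an autostart whose executable sits directly in the drive root is not
    how installers lay software out (the thread's C:\\winstall.exe)."""
    m = re.match(r".*\] (.+)$", body)
    argv = tokens(m.group(1)) if m else []
    if argv and re.fullmatch(r"[a-zA-Z]:\\[^\\]+", argv[0]):
        return "Run entry executes from drive root: " + argv[0]
    return None


def check_nameserver(body):
    """O17: HijackThis prints the servers comma- or space-separated (the thread
    has both forms), so split on either before comparing with the expected set."""
    _, sep, servers = body.partition("NameServer = ")
    if not sep:
        return None
    rogue = [s for s in re.split(r"[,\s]+", servers.strip())
             if s and s not in EXPECTED_NAMESERVERS]
    if rogue:
        return "unexpected DNS server(s): " + ", ".join(rogue)
    return None


def check_winlogon_notify(body):
    """O20: a Winlogon Notify package registered for a DLL that is gone from disk
    is a dangling registration; HijackThis marks it '(file missing)'."""
    if body.startswith("Winlogon Notify:") and "(file missing)" in body:
        return "dangling Winlogon Notify entry: " + body.split(": ", 1)[1]
    return None


CHECKS = {
    "R0": check_browser_page, "R1": check_browser_page,
    "F2": check_shell,
    "O4": check_run,
    "O17": check_nameserver,
    "O20": check_winlogon_notify,
}


def triage(log_text):
    """Return (section, finding) for every entry a check flags, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        check = CHECKS.get(m.group("section"))
        finding = check(m.group("body")) if check else None
        if finding:
            findings.append((m.group("section"), finding))
    return findings
```

    Running `triage(SAMPLE_LOG)` flags seven of the ten sample entries, the same ones the helper listed for fixing, while the dnainternet.fi start page, the AntiVir autostart and the ZoneAlarm service pass untouched.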
  4. TooMuch

    TooMuch, Regular member (joined 23.08.2004, 116 messages, 0 thanks, 26 points)
    Okay... I'll try those. I'll post the log afterwards...
     
  5. TooMuch

    TooMuch, Regular member (joined 23.08.2004, 116 messages, 0 thanks, 26 points)
    Well, that took "quite" a while but...

    First of all, I noticed right away that after doing those first steps the "warning message" disappeared from the bottom right corner. The home page also went back to normal.

    The wallpaper is still wrong. I removed the Security item from the Desktop settings, but it didn't help. In the menu where you pick the desktop wallpaper, the bottom entry is a desktop.html file and the menu is locked, so you can't pick the one you want. I searched for and deleted that .html file, and it got better: the text/picture disappeared from the bogus wallpaper, but the background is still solid blue.

    Ewido stopped the scan at 50%, but I think the worst stuff was removed in the first half already.

    Here are the HjT and Fixwareout logs:

    FWO:

    Check for missing files
    .....
    C:\WINDOWS\system32\AUTOEXEC.NT not there
    .....
    End check for missing files
    .....
    VXD Check
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
    "VDD"=hex(7):00
    .....
    End vxd check
    .....
    please post this at the forum
    HJT:
    Logfile of HijackThis v1.99.1
    Scan saved at 13:46:20, on 6.12.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINDOWS\wt\wcmdmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [0006 - C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1"
    O4 - HKLM\..\RunOnce: [0007 - C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [modex] C:\WINDOWS\System32\modex.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Tuki - {03D1C9E4-278C-4D5C-A0A4-B7CD0A74CD94} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {29EDF730-43EA-45F0-A446-0934AF879926} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {DD404E7A-1755-4083-B78D-03A537C66F16} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.114.5 85.255.112.112
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    So is everything OK? As far as the wallpaper goes I know it isn't, but otherwise..?

    Last edited: 06.12.2005
  6. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    No, the log is not clean. And for your information, your internet connection is currently coming from Belarus :)

    Let's do this:

    Boot into Safe Mode and fix these:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.114.5 85.255.112.112

    Then scan with ewido there in Safe Mode. Reboot, post a new HjT log and the ewido report. Also get the registry search tool from here -> http://www.billsway.com/vbspage/ and search for "desktop.html". If the antivirus complains, let it run. Post the results here.

    Last edited: 06.12.2005
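    As an added example (not code from the thread, from HijackThis or from any tool named above), here is a small Python checker for the two indicator types -kemisti- singles out: R0/R1 start or default pages that point at a local file instead of a URL, and O17 NameServer entries outside the resolvers you expect. The sample log lines are constructed in the HijackThis line format used in the thread, and the allowed resolver ranges are an assumption for the example.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample in the HijackThis v1.99.1 line format used in the thread.
# The secure32.html pages and the 85.255.x.x NameServer line are the entries
# -kemisti- told the poster to fix; the 192.168.1.1 line is a constructed benign one.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.114.5 85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 192.168.1.1
"""

# Every HijackThis line starts with a section tag (R0..R3, O1..O23) followed by " - ".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# A start page that is a drive path or file: URL is the hijack pattern seen in the thread.
LOCAL_FILE_RE = re.compile(r"^(?:[a-z]:[\\/]|file:)", re.IGNORECASE)


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into {'section', 'body', 'raw'} records."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"section": m["section"], "body": m["body"], "raw": raw.strip()})
    return entries


def find_local_file_pages(entries: List[Dict[str, str]]) -> List[str]:
    """R0/R1 entries whose page value is a local file rather than an http(s) URL."""
    hits = []
    for e in entries:
        if e["section"] not in ("R0", "R1"):
            continue
        _key, sep, value = e["body"].partition(" = ")
        if sep and LOCAL_FILE_RE.match(value.strip()):
            hits.append(e["raw"])
    return hits


def find_unexpected_nameservers(entries: List[Dict[str, str]],
                                allowed: List[str]) -> List[Tuple[str, str]]:
    """O17 NameServer addresses that fall outside the allowed networks.

    `allowed` lists the resolver ranges you expect on this machine (ISP or
    router addresses, an assumption you must supply); anything else deserves
    a look, like the 85.255.x.x servers -kemisti- says are in Belarus.
    """
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    hits = []
    for e in entries:
        if e["section"] != "O17":
            continue
        _key, sep, value = e["body"].partition("NameServer = ")
        if not sep:
            continue
        # HijackThis prints several servers separated by spaces or commas.
        for token in re.split(r"[\s,]+", value.strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue
            if not any(ip in net for net in allowed_nets):
                hits.append((token, e["raw"]))
    return hits


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    for line in find_local_file_pages(entries):
        print("page points at a local file:", line)
    # Constructed allowlist: private ranges a home router would hand out.
    for ip, line in find_unexpected_nameservers(entries, ["192.168.0.0/16", "10.0.0.0/8"]):
        print("unexpected resolver", ip, "in:", line)
```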
  7. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Thanks:
    0
    Points:
    26
    From Belarus??? :D

    Yeah, but... about that Safe Mode, by the way, I tried pressing F8 while starting the computer but nothing that looked like Safe Mode came up? It started and looked completely normal..?

    And what does Safe Mode do, i.e. is it mandatory if I can't get into it?

    Last edited: 06.12.2005
  8. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Yes, it does come from there :)

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.114.5 85.255.112.112

    These name servers, from which you get your IP, are in Belarus.

    Keep tapping F8 during startup until a menu appears. Choose Safe Mode from it. Yes, it is more or less mandatory if, for example, ewido did not scan all the way through. It perhaps only checked the registry and no files at all. And did you manage to delete these without Safe Mode?

    c:\==>secure32.html<==
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\==>ibm00001.exe<==
    C:\WINDOWS\Downloaded Program Files\==>sponsoradulto.dll<==
    C:\Program Files\==>180search Assistant Programs<==
    C:\PROGRA~1\==>MEDIAA~1<==
    C:\WINDOWS\System32\==>paytime.exe<==
    C:\==>winstall.exe<==
    C:\WINDOWS\System32\==>sywsvcs.exe<==
     
    Last edited: 06.12.2005
  9. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Thanks:
    0
    Points:
    26
    Yeah, earlier I tapped F8 as much as I could, but no menu came up. I did manage to delete the files you mentioned, though. I'll try to get into Safe Mode again now, but I don't know. Is it even worth trying with ewido if I can't get into Safe Mode?

    Oh, and here is the result from that registry search tool:

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "desktop.html" 6.12.2005 14:36:30

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_USERS\S-1-5-21-1547161642-2139871995-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "Wallpaper"="C:\\WINDOWS\\desktop.html"
     
  10. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    It's still worth trying to scan again. If that doesn't work, we'll scan with another program.

    First make a backup of the registry as follows:

    Run -> regedit -> OK. Then File -> Export. Give it a name and then Save (and make a note of where you saved it).

    Then save the text below as fix.reg, for example in Notepad and on the desktop (file type: All Files):

    Windows Registry Editor Version 5.00

    [-HKEY_USERS\S-1-5-21-1547161642-2139871995-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "Wallpaper"="C:\\WINDOWS\\desktop.html"

    Double-click it, press Yes and OK. Reboot the computer. The wallpaper should now be back to normal :)

    Last edited: 06.12.2005
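    As an added example (not code from the thread, from RegSrch.vbs or from any tool named above), this Python snippet reads a RegSrch-style REGEDIT4 result like the one posted above, confirms that the Policies\System Wallpaper value names desktop.html, and writes out fix.reg text in the two forms .reg syntax supports: [-KEY] deletes the whole key (the form used above), while "Wallpaper"=- removes only that one value. The search result text is constructed for the example from the key and value shown in the thread.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed input in the REGEDIT4 format RegSrch.vbs writes; the key and value
# are the ones the "desktop.html" search returned in the thread.
SEARCH_RESULT = r"""REGEDIT4
; RegSrch.vbs (c) Bill James

; Registry search results for string "desktop.html" 6.12.2005 14:36:30

[HKEY_USERS\S-1-5-21-1547161642-2139871995-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"="C:\\WINDOWS\\desktop.html"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Only REG_SZ lines ("name"="data") are needed here; dword:/hex: values are skipped.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: string_data}} for a .reg / RegSrch file."""
    result: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and RegSrch comments
        if line.startswith("REGEDIT") or line.startswith("Windows Registry Editor"):
            continue  # file format header
        m = KEY_RE.match(line)
        if m:
            current = m["key"]
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # .reg string data escapes backslashes and double quotes
            data = m["value"].replace("\\\\", "\\").replace('\\"', '"')
            result[current][m["name"]] = data
    return result


def find_policy_wallpaper(reg: Dict[str, Dict[str, str]],
                          needle: str = "desktop.html") -> List[Tuple[str, str]]:
    """Keys ending in \\Policies\\System whose Wallpaper value names the needle.

    Policies\\System\\Wallpaper is where the "Desktop Wallpaper" policy lives;
    it takes precedence over the wallpaper the user picks, which is why the
    rogue page kept coming back until the value was removed.
    """
    hits = []
    for key, values in reg.items():
        if not key.upper().endswith(r"\POLICIES\SYSTEM"):
            continue
        wallpaper = values.get("Wallpaper", "")
        if needle.lower() in wallpaper.lower():
            hits.append((key, wallpaper))
    return hits


def build_fix_reg(key: str, value_name: Optional[str] = None) -> str:
    """Produce fix.reg text. With no value_name the whole key is deleted
    ([-KEY], as in the thread); with one, only that value is removed ("name"=-)."""
    if value_name is None:
        body = f"[-{key}]\n"
    else:
        body = f'[{key}]\n"{value_name}"=-\n'
    return "Windows Registry Editor Version 5.00\n\n" + body


if __name__ == "__main__":
    for key, wallpaper in find_policy_wallpaper(parse_reg(SEARCH_RESULT)):
        print(f"{key}\n  Wallpaper = {wallpaper}\n")
        print(build_fix_reg(key))
```

    Back up the registry first, as the post says, since the whole-key form removes every value under Policies\System, not just Wallpaper.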
  11. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Thanks:
    0
    Points:
    26
    OK, I'm scanning with Ewido now in case it works. I'll do the regedit thing after that. So this Independence Day is passing nicely fixing the computer :D good thing it happens to be a day off.

    Last edited: 06.12.2005
  12. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    There are instructions here on another way to boot the computer into Safe Mode -> http://www.pchell.com/support/safemode.shtml
    Start at the section "To use the System Configuration Utility method".
    Try those if the ewido scan doesn't run all the way through.

    Last edited: 06.12.2005
  13. spertti

    spertti Active member

    Joined:
    01.06.2005
    Messages:
    1,222
    Thanks:
    0
    Points:
    66
    -kemisti- That's good to know for the future, that Safe Mode can be turned on in XP in another way than by tapping F8. For me at least, on average I only manage to press it at the right time every third try... For some reason this gadget is very particular about when you press it, and if you press too early you don't get into the menu at all. So in the Finnish XP it goes like this: Start>Run>msconfig>boot.ini>/SAFEBOOT>OK
     
  14. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Thanks:
    0
    Points:
    26
    Yeah, good... now it looks like ewido will run all the way through, but it's still good to know, since my computer also seems to be pretty particular about that timing. :)
     
  15. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Thanks:
    0
    Points:
    26
    I could cut down on the games on this computer too, since the scan takes something like 5-10 min per game folder, so it takes a while.
     
  16. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Thanks:
    0
    Points:
    26
    Well... now ewido got all the way to 80% but then it stopped. I'm guessing the reason is that Star Wars Jedi Knight game, because last time it stopped it seemed to be some files of the same game that Ewido, for one reason or another, doesn't really open. Well, I thought I'd run ewido again tomorrow in Safe Mode once I've removed that SWJK game.

    Oh, and I did the fix.reg thing and it worked! Now basically everything I was aiming for has been made to work. A REALLY big thank you to kemisti!! So I'll still do the ewido scan again tomorrow, but I'm already winning with this computer. Today I can't be bothered to fiddle any more, since quite a lot of time has gone into this already. But yeah, thanks once again!
     
  17. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    You're welcome, and we'll get back to it tomorrow then :)
     
  18. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Thanks:
    0
    Points:
    26
    Yeah, sorry, I didn't have time to do anything to the computer yesterday, so now I'm trying ewido in Safe Mode...
     
  19. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Yes, no problem :)

    Also fix these while in Safe Mode:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.114.5 85.255.112.112

    And post a new HjT log and the ewido report, if the scan succeeded.
     
  20. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Thanks:
    0
    Points:
    26
    Alrighty... here:

    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:38:31, on 8.12.2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\wt\wcmdmgr.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [0006 - C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1"
    O4 - HKLM\..\RunOnce: [0007 - C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [modex] C:\WINDOWS\System32\modex.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Tuki - {03D1C9E4-278C-4D5C-A0A4-B7CD0A74CD94} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {29EDF730-43EA-45F0-A446-0934AF879926} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {DD404E7A-1755-4083-B78D-03A537C66F16} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    Ewido:

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 17:27:45, 8.12.2005
    + Report-Checksum: 5EA90B14

    + Scan result:

    HKLM\SOFTWARE\180solutions -> Spyware.180Solutions : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\{0507FDDE-F3B7-49F5-9E8F-C557E991F39B} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{0774F696-D801-4C18-81A7-A3A32B8BEF19} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} -> Spyware.TVMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{454B4812-E572-4703-A1BB-63490809EAC0} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{580A1F3F-89B4-433B-BBDB-B97AEB13F3FC} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{6FB2639A-4BA3-4531-8DB8-FAB03E0A8FFD} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Contact.Contacts -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Contact.Contacts\CLSID -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Contact.Contacts\CurVer -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Contact.Contacts.1 -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\HbCoreSrv.LfgAx -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\HbCoreSrv.LfgAx\CLSID -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\HbCoreSrv.LfgAx\CurVer -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\HbCoreSrv.LfgAx.1 -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\HbHostIE.Bho -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\HbHostIE.Bho\CLSID -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\HbHostIE.Bho\CurVer -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\HbHostIE.Bho.1 -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{34F4D917-31E4-464C-B8B3-84C1CE76B395} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ISTactivex.Installer -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ISTactivex.Installer\CLSID -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ISTactivex.Installer\CurVer -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ISTactivex.Installer.2 -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ISTactivex.Installer.2\CLSID -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter\CLSID -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter\CurVer -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter.1 -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.HbAx -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.HbAx\CLSID -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.HbAx\CurVer -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.HbAx.1 -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand\CLSID -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand\CurVer -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand.1 -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand\CLSID -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand\CurVer -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand.1 -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.IEButton -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.IEButton\CLSID -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.IEButton\CurVer -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.IEButton.1 -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA\CLSID -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA\CurVer -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA.1 -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl\CLSID -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl\CurVer -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl.1 -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{522985F4-BA43-45A0-9B20-AB5F82C0FF7E} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF} -> Spyware.eXact : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{842D315A-7E1E-448B-96E8-9E76D1820BE2} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{B5901229-25CC-43C9-B604-3BB6AC2B48A5} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{C83DAED4-0611-4F7A-978E-7FEAFCB2F91B} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer\CurVer -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer.1 -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\msbb -> Spyware.180Solutions : Cleaned with backup
    HKLM\SOFTWARE\ShopperReports -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\180solutions -> Spyware.180Solutions : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\Gator.com -> Spyware.Gator : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\Gator.com\DashBar -> Spyware.Gator : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\Gator.com\DashBar\Settings -> Spyware.Gator : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\IST -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1} -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\msbb -> Spyware.180Solutions : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\Premium Web Service -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\Premium Web Service\Content Browser -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\Premium Web Service\Content Browser\Settings -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\ShopperReports -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\WhenU -> Spyware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\Config.xml -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\db -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\db\Aliases.dbs -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\db\Sites.dbs -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\dwld -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\persist.dbs -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\report -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\report\ag.xml -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\report\ag.xml.db -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\report\Header.xml -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\report\send.xml -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\report\send.xml.db -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\res1 -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\cs\res1\WhiteList.Dbs -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Application Data\ShopperReports\shprrprt.log -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@247realmedia[2].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ehg-warnerbrothers.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@pro-market[2].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Manninen\Local Settings\Temporary Internet Files\Content.IE5\81MFCTUB\latest[1].exe -> Backdoor.Small : Cleaned with backup
    C:\hjt\backups\backup-20051206-120814-292.dll -> Spyware.WinAD : Cleaned with backup
    C:\Program Files\AVPersonal\INFECTED\bxproxy.VIR -> Backdoor.Agent.qs : Cleaned with backup
    C:\Program Files\AVPersonal\INFECTED\bxproxy.VIR00 -> Backdoor.Agent.qs : Cleaned with backup
    C:\Program Files\AVPersonal\INFECTED\ibm00001.VIR -> Trojan.Agent.bu : Cleaned with backup
    C:\Program Files\AVPersonal\INFECTED\ibm00001.VIR00 -> Trojan.Agent.bu : Cleaned with backup
    C:\Program Files\AVPersonal\INFECTED\ibm00001.VIR01 -> Trojan.Agent.bu : Cleaned with backup
    C:\Program Files\AVPersonal\INFECTED\TOOL5.EXE.001 -> Trojan.Small : Cleaned with backup
    C:\Program Files\AVPersonal\INFECTED\TOOL5.EXE.VIR -> Trojan.Small : Cleaned with backup
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Agent.bu : Cleaned with backup
    C:\Program Files\ShopperReports -> Spyware.HotBar : Cleaned with backup
    C:\Program Files\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
    C:\Program Files\ShopperReports\cs\persist.dbs -> Spyware.HotBar : Cleaned with backup
    C:\Program Files\TV Media\Tvm.exe -> Spyware.TotalVelocity : Cleaned with backup
    C:\Program Files\TV Media\TvmBho.dll -> Spyware.TotalVelocity : Cleaned with backup
    C:\Program Files\TV Media\TvmCore.dll -> Spyware.TotalVelocity : Cleaned with backup
    C:\Program Files\UselessCreations\LOTRROTK3DSetup.exe\TBEZB127Q.exe -> Spyware.Quick : Cleaned with backup
    C:\Program Files\UselessCreations\LOTRROTK3DSetup.exe\WUSV-SYNCmInst.exe/Sync.exe -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\UselessCreations\LOTRROTK3DSetup.exe\WUSV-SYNCmInst.exe/Uninst.exe -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\UselessCreations\LOTRROTK3DSetup.exe\WUSV-SYNCmInst.exe/Sync.exe -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\UselessCreations\LOTRROTK3DSetup.exe\WUSV-SYNCmInst.exe/Uninst.exe -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\UselessCreations\LOTRROTK3DSetup.exe\WUSV-SYNCmInst.exe/Save.exe -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\UselessCreations\LOTRROTK3DSetup.exe\WUSV-SYNCmInst.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\UselessCreations\LOTRROTK3DSetup.exe\WUSV-SYNCmInst.exe/Save.exe -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\UselessCreations\LOTRROTK3DSetup.exe\WUSV-SYNCmInst.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\Zango Games\David vs Goliath\ZangoLib.dll -> Spyware.180Solutions : Cleaned with backup
    C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\system32\bnmsrv.exe -> Backdoor.Agent.qs : Cleaned with backup
    C:\WINDOWS\system32\H@tKeysH@@k.DLL -> Not-A-Virus.Tool.Game.HotHook : Cleaned with backup
    C:\WINDOWS\system32\howiper.exe -> Trojan.Qhost.df : Cleaned with backup
    C:\WINDOWS\system32\HyperLinker6.exe -> Spyware.iSearch : Cleaned with backup
    C:\WINDOWS\system32\ll.exe -> Proxy.Lager.f : Cleaned with backup
    C:\WINDOWS\system32\msbbhook.dll -> Spyware.180Solutions : Cleaned with backup
    C:\WINDOWS\system32\SHAgentNew.dll -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\tvmk8.dll -> Adware.eZula : Cleaned with backup
    C:\WINDOWS\system32\~update.exe -> Backdoor.Small : Cleaned with backup
    C:\WINDOWS\tool1.exe -> Dropper.Agent.abu : Cleaned with backup
    C:\WINDOWS\tool2.exe -> Hijacker.Spywad.k : Cleaned with backup
    C:\WINDOWS\tool3.exe -> Downloader.Small.bwr : Cleaned with backup


    ::Report End
     
  21. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Looks fairly good, and you had a commendable amount of junk on your machine ;)

    Because of Qhost, also do this:

    Get hoster ->
    http://www.funkytoad.com/download/hoster.zip

    Extract the zip and double-click hoster.exe

    Click "Restore original hosts" and OK.

    I also warmly recommend a visit to Windows Update ;)
     
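The Trojan.Qhost hit on C:\WINDOWS\hosts in the report above and the "Restore original hosts" step in the reply concern the same thing: a hijacked hosts file. The following is an added example, not code from this thread or from the hoster tool. It parses a Windows hosts file, flags mapping lines that pin update or antivirus hostnames to loopback (blocking them) or send them to some other address (redirecting them), and produces the Windows XP default content that a restore action would write back. The sensitive-domain list, the sample hosts file and the 192.0.2.10 redirect address are constructed for the example and are assumptions, not findings from the log.

```python
"""Audit a Windows hosts file for hijacked entries and rebuild the default.

Added example for this thread; not the hoster tool and not part of the post.
Assumptions: SENSITIVE_SUFFIXES is an illustrative list, and SAMPLE_HOSTS is a
constructed file. Real Qhost variants differ, so anything that is not the
default localhost line deserves a look before the file is restored.
"""
import ipaddress
from typing import List, Tuple

# Windows XP default hosts content: the only live mapping is localhost.
DEFAULT_HOSTS = "127.0.0.1       localhost\n"

# Illustrative update/antivirus domains (assumption for this example).
SENSITIVE_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "symantec.com",
    "kaspersky.com",
)

# Constructed sample: a default line, two blocked vendor sites, one redirect
# to a TEST-NET-1 address, and one legitimate-looking LAN entry.
SAMPLE_HOSTS = """# constructed hosts file for the example
127.0.0.1       localhost
127.0.0.1       windowsupdate.com
127.0.0.1       www.symantec.com
192.0.2.10      www.kaspersky.com
10.0.0.5        fileserver   # legitimate LAN entry
"""


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, ip, [names]) for each active mapping line.

    Comment-only and blank lines are skipped; inline comments are stripped;
    lines without at least one hostname are ignored as malformed.
    """
    entries = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        entries.append((no, parts[0], [p.lower() for p in parts[1:]]))
    return entries


def classify(ip: str, names: List[str]) -> str:
    """Verdict for one mapping line.

    'ok'       localhost -> loopback (the XP default)
    'blocked'  sensitive name pinned to loopback/0.0.0.0
    'redirect' sensitive name sent to any other address
    'review'   everything else (LAN names, unparsable IP); check by hand
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "review"
    is_local = addr.is_loopback or addr.is_unspecified
    if names == ["localhost"] and is_local:
        return "ok"
    sensitive = any(n == s or n.endswith("." + s)
                    for n in names for s in SENSITIVE_SUFFIXES)
    if sensitive:
        return "blocked" if is_local else "redirect"
    return "review"


def audit_hosts(text: str) -> List[Tuple[int, str, str, List[str]]]:
    """Return (line_no, verdict, ip, names) for every non-default mapping."""
    findings = []
    for no, ip, names in parse_hosts(text):
        verdict = classify(ip, names)
        if verdict != "ok":
            findings.append((no, verdict, ip, names))
    return findings


def restore_default(text: str, keep_review: bool = False) -> str:
    """Content the hosts file should have after cleanup.

    Mirrors a 'restore original hosts' action: only the localhost line stays.
    With keep_review=True, lines classified 'review' are appended so deliberate
    LAN mappings survive; blocked/redirect lines are always dropped.
    """
    out = DEFAULT_HOSTS
    if keep_review:
        for _no, verdict, ip, names in audit_hosts(text):
            if verdict == "review":
                out += f"{ip:<15} {' '.join(names)}\n"
    return out


if __name__ == "__main__":
    for no, verdict, ip, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {no}: {verdict:8} {ip} -> {', '.join(names)}")
    print("--- restored ---")
    print(restore_default(SAMPLE_HOSTS, keep_review=True), end="")
```

Run it against a copy of C:\WINDOWS\system32\drivers\etc\hosts (read the file with `open(...).read()` in place of SAMPLE_HOSTS). Anything reported as blocked or redirect is the Qhost symptom: the machine cannot reach the update or vendor site, or reaches an impostor instead, which is also why the reply pairs the hosts restore with a Windows Update visit.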
