"hijack this" apuva!

Discussion in 'Viruses and malware' started by wille133, Aug 20, 2005.

  1. wille133

    Logfile of HijackThis v1.99.1
    Scan saved at 20:05:51, on 20.8.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\program files\powerstrip\pstrip.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Razer\razerhid.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\F-Secure\Common\FSLAUNCH.EXE
    C:\Documents and Settings\Omistaja\Työpöytä\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hogyfjdaph.com/8D53jobEL_hvU5gWUhSs5qyykJTvDwrkswaZFngR8_3_WOt0XraaiwCJR2OY2snq.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nlzfybgkpieufgricqv.uk/8D53jobEL_h/OmA6Dok7/NLXFAmZKrwNvm5UXh/wRW0.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {34806FDB-5D29-6CB8-D07C-76EF1DEAC63D} - C:\DOCUME~1\Omistaja\APPLIC~1\4ONCE~1\HideView.exe
    O2 - BHO: (no name) - {39F13C8E-FFDF-4B75-B110-78B89CA1E562} - C:\WINDOWS\System32\ailglfa.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [FoWilco] fowilco.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Microsoft Windows Update] svmhost.exe
    O4 - HKLM\..\Run: [mfcd corn platform body] C:\Documents and Settings\All Users\Application Data\Error Inter Mfcd Corn\Shim Funk.exe
    O4 - HKLM\..\Run: [*windows update] wruaclt.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [razertra] C:\Program Files\Razer\razertra.exe
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 15.5\RivaTuner.exe" /S
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [More log bird wma] C:\Documents and Settings\All Users\Application Data\rulegluemorelog\city owns.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunServices: [MS Office32c Startup] OfficeGUI32c.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows Update] svmhost.exe
    O4 - HKLM\..\RunServices: [FoWilco] fowilco.exe
    O4 - HKCU\..\Run: [MS Office32c Startup] OfficeGUI32c.exe
    O4 - HKCU\..\Run: [Microsoft Windows Update] svmhost.exe
    O4 - HKCU\..\Run: [loud wait] C:\DOCUME~1\Omistaja\APPLIC~1\PROGRA~1\SectFlaw.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32\svphost.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [FoWilco] fowilco.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Filter: text/html - {9C54C938-6334-42C7-ADE8-9F4F2BADDEDF} - C:\WINDOWS\System32\ailglfa.dll
    O18 - Filter: text/plain - {9C54C938-6334-42C7-ADE8-9F4F2BADDEDF} - C:\WINDOWS\System32\ailglfa.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NvCplScan - Unknown owner - C:\WINDOWS\system32\nvsc32.exe" -netsvcs (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    I know there's some junk and viruses in there, could someone help :/
     
  2. -kemisti-

    Fix these:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hogyfjdaph.com/8D53jobEL_hvU5gWUhSs5qyykJTvDwrkswaZFng...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nlzfybgkpieufgricqv.uk/8D53jobEL_h/OmA6Dok7/NLXFAmZKrw...
    O2 - BHO: (no name) - {39F13C8E-FFDF-4B75-B110-78B89CA1E562} - C:\WINDOWS\System32\ailglfa.dll (file missing)
    O4 - HKLM\..\Run: [Microsoft Windows Update] svmhost.exe
    O4 - HKLM\..\Run: [mfcd corn platform body] C:\Documents and Settings\All Users\Application Data\Error Inter Mfcd Corn\Shim Funk.exe
    O4 - HKLM\..\Run: [*windows update] wruaclt.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [More log bird wma] C:\Documents and Settings\All Users\Application Data\rulegluemorelog\city owns.exe
    O4 - HKCU\..\Run: [loud wait] C:\DOCUME~1\Omistaja\APPLIC~1\PROGRA~1\SectFlaw.exe
    O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32\svphost.exe

    Boot into Safe Mode and delete:

    svmhost.exe (probably in the c:\windows directory)
    the directory C:\Documents and Settings\All Users\Application Data\==>Error Inter Mfcd Corn<==
    wruaclt.exe (probably also in the windows directory)
    the directory C:\Documents and Settings\All Users\Application Data\==>rulegluemorelog<==
    C:\DOCUME~1\Omistaja\APPLIC~1\PROGRA~1\==>SectFlaw.exe<==
    C:\WINDOWS\system32\==>svphost.exe<==

    Reboot and post a new log.
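The entries singled out above share three tells that can be checked mechanically: a file name that is a near-miss of a real Windows binary (svmhost.exe and svphost.exe for svchost.exe, wruaclt.exe for wuauclt.exe), a bare file name with no path, and a program living under Application Data. The following is an added example, not code from the thread or from HijackThis, that parses O4 lines and applies those three checks; the sample lines are copied from the posted log and the list of imitated system binaries is an assumption.

```python
import re
from difflib import SequenceMatcher
# Constructed sample: O4 lines taken from the posted log (five hostile, two benign).
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [Microsoft Windows Update] svmhost.exe
O4 - HKLM\..\Run: [*windows update] wruaclt.exe
O4 - HKLM\..\Run: [More log bird wma] C:\Documents and Settings\All Users\Application Data\rulegluemorelog\city owns.exe
O4 - HKCU\..\Run: [loud wait] C:\DOCUME~1\Omistaja\APPLIC~1\PROGRA~1\SectFlaw.exe
O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32\svphost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent"""

# Legitimate binaries the names in this log imitate (assumed list; extend as needed).
SYSTEM_BINARIES = ("svchost.exe", "wuauclt.exe", "ctfmon.exe", "explorer.exe")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run(?:Services)?): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

def executable_name(cmd):
    """Lower-cased bare file name of the program an O4 command line starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: take what is inside the quotes
        path = cmd[1:cmd.find('"', 1)]
    else:                                        # unquoted: up to the first .exe, else first token
        m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
        path = m.group(1) if m else cmd.split()[0]
    return path.split("\\")[-1].lower()

def lookalike_of(exe):
    """System binary that exe is a near-miss of (similarity >= 0.8), else None."""
    if exe in SYSTEM_BINARIES:
        return None
    best = max(SYSTEM_BINARIES, key=lambda k: SequenceMatcher(None, exe, k).ratio())
    return best if SequenceMatcher(None, exe, best).ratio() >= 0.8 else None

def assess_o4(line):
    """Return (entry name, list of suspicion reasons) for an O4 line, or None otherwise."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd, exe, reasons = m.group("cmd"), executable_name(m.group("cmd")), []
    known = lookalike_of(exe)
    if known:
        reasons.append(f"name imitates {known}")
    if "\\" not in cmd.strip('"'):
        reasons.append("bare file name, no path")    # resolved via the search path at logon
    if any(t in cmd.lower() for t in ("application data", "applic~1")):
        reasons.append("runs from Application Data")
    return m.group("name"), reasons

def flag_suspicious(log_text):
    """Names of the O4 entries that raised at least one reason, in log order."""
    return [r[0] for r in map(assess_o4, log_text.splitlines()) if r and r[1]]
```

The reasons are indicators to review, not verdicts: a bare name such as `nwiz.exe /install` is flagged although it is a legitimate driver helper, while the benign ctfmon.exe and Steam lines pass cleanly.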
     
  3. wille133

    oh, so first I boot into Safe Mode, then delete those ones and apply your fixes?
     
  4. wille133

    oh, so first I boot into Safe Mode, then delete those ones and apply your fixes?

    oops, it posted twice :D
     
    Last edited: Aug 20, 2005
  5. Wezda

    You'll surely get repair instructions from others, but one comment:

    An absolutely insane number of programs starting with O4. For example, I have four times fewer of them.
    It surely wouldn't be worth installing everything the internet offers on your own machine.
     
  6. -kemisti-

    Fix those first, then boot into Safe Mode and delete the ones in that list :)

    EDIT: And also fix these:

    O4 - HKLM\..\Run: [FoWilco] fowilco.exe
    O4 - HKLM\..\RunServices: [FoWilco] fowilco.exe
    O4 - HKCU\..\Run: [FoWilco] fowilco.exe

    And also delete the file fowilco.exe in Safe Mode (it should be found in the windows directory)

    These look suspicious, so they can be fixed too:

    O4 - HKLM\..\RunServices: [MS Office32c Startup] OfficeGUI32c.exe
    O4 - HKCU\..\Run: [MS Office32c Startup] OfficeGUI32c.exe
     
    Last edited: Aug 20, 2005
