hijackthis

Discussion in 'Virukset ja haittaohjelmat' started by Aras88, Nov 23, 2005.

Page 1 of 2
  1. Aras88

    Aras88 Regular member

    Joined:
    May 21, 2005
    Messages:
    114
    Likes Received:
    0
    Trophy Points:
    26
    Onks tässä logfile kunnossa?


    Logfile of HijackThis v1.99.1
    Scan saved at 17:27:12, on 23.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\BACKWE~1.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
    C:\PROGRA~1\YAPLOCK\YaplockTray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\TopText\wo.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Warez P2P Client\warez.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\WebSecureAlert\WebSecureAlert.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HbTools\Bin\4.7.0.0\HbtSrv.exe
    C:\Documents and Settings\Kevin\Omat tiedostot\Hijack\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.socepbkpwrqyuzowdvws.inf...2gQNmEiPaODpqLdKGZSbnC_ihmNO67QKb1hVtG6dx.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {356D535A-0484-4275-8A67-2285F3C5AA4E} - C:\WINDOWS\System32\dmrserver.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
    O2 - BHO: (no name) - {7F6828CA-9E42-462C-BC60-418C8144012C} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
    O2 - BHO: (no name) - {F49B5F48-E860-4A71-4CED-9BA3A6E5347F} - C:\DOCUME~1\Kevin\APPLIC~1\SCRDEF~1\Testdeaf.exe (file missing)
    O3 - Toolbar: (no name) - {AD74DBC2-7D96-4102-A585-3A7CA76CA9F0} - (no file)
    O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\onmhzdxp.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁÔ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0¨4W
    }ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [Lkmcdbp] C:\Program Files\Tkoyoq\Qkdyteq.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [EjgB0ÔÁÔ]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [EjgB0Ô@ÔÁÔÁÔ]§ú"ü‰üC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
    O4 - HKLM\..\Run: [EjgB0Ô*ú*ÀaîžaaøY§C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [EjgB09¿Ì*ú*ÀaîžaaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁÔ*ú]Mú*ÀaîC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô*ú]Mú*ÀaîžaaøC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K09¿Ì*ú]Mú*ÀaîžaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K09¿Ì*ÀaîžaaîžigC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [Á³#  é"h'þ9ÓœU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁÔ]§ú"ü‰»9õC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [FLMK08KB] C:\Documents and Settings\arman\Työpöytä\MMKEYBD.EXE
    O4 - HKLM\..\Run: [Á³#  è"h'þ9ÓœT3rųWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe
    O4 - HKLM\..\Run: [docwbyko] C:\WINDOWS\system32\yghlzgsq.exe
    O4 - HKLM\..\Run: [YaplockTray.exe] C:\PROGRA~1\YAPLOCK\YaplockTray.exe
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [View Vc Htm Audio] C:\Documents and Settings\All Users\Application Data\PileLiesViewVc\Bonesecond.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [BLAH GPL] C:\DOCUME~1\Kevin\APPLIC~1\SITEID~1\Comp Slow.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\TopText\wo.exe
    O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
    O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm538YYFI
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27dc6825b29ba76bbe05/netzip/RdxIE601.cab
    O16 - DPF: {81B9C506-46D3-4667-9018-3D6575CBC046} (VacPro.finland_ver10) - http://advnt01.com/dialer/finland_ver10.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://www.advnt01.com/dialer/internazionale_ver4.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {874735D6-675A-4B73-8B37-21C89E25AB1E} - C:\Documents and Settings\arman\Local Settings\Application Data\microsoft\internet explorer\V0.29.dat
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O21 - SSODL: mtklefa - {950B3427-38AB-4AD6-6DB8-3A8C430E33D7} - C:\WINDOWS\System32\ohppy32.dll (file missing)
    O23 - Service: FS BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: NvCplScan - Unknown owner - C:\WINDOWS\System32\nvsc32.exe" -netsvcs (file missing)
     
    Aras88, Nov 23, 2005
    #1
  2. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    No ei sinne päinkään. Täynnä roskaa kone.

    Poista lisää/poista sovellus-kohdasta

    Ebates Moe Money Maker
    ISTsvc
    Hotbar
    Messenger Plus !3
    SpySpotter3
    TopText
    WebSecureAlert

    Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.socepbkpwrqyuzowdvws.info/VVGy7vSMbsDMvaBullFRVlB2gQNm...
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
    O2 - BHO: (no name) - {7F6828CA-9E42-462C-BC60-418C8144012C} - (no file)
    O2 - BHO: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
    O2 - BHO: (no name) - {7F6828CA-9E42-462C-BC60-418C8144012C} - (no file)
    O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
    O2 - BHO: (no name) - {F49B5F48-E860-4A71-4CED-9BA3A6E5347F} - C:\DOCUME~1\Kevin\APPLIC~1\SCRDEF~1\Testdeaf.exe (file missing)
    O3 - Toolbar: (no name) - {AD74DBC2-7D96-4102-A585-3A7CA76CA9F0} - (no file)
    O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\onmhzdxp.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁÔ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0¨4W
    }ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [Lkmcdbp] C:\Program Files\Tkoyoq\Qkdyteq.exe O4 - HKLM\..\Run: [EjgB0ÔÁÔ]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [EjgB0Ô@ÔÁÔÁÔ]§ú"ü‰üC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
    O4 - HKLM\..\Run: [EjgB0Ô*ú*ÀaîžaaøY§C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [EjgB09¿Ì*ú*ÀaîžaaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁÔ*ú]Mú*ÀaîC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô*ú]Mú*ÀaîžaaøC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K09¿Ì*ú]Mú*ÀaîžaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K09¿Ì*ÀaîžaaîžigC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [Á³# é"h'þ9ÓœU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁÔ]§ú"ü‰»9õC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [Á³# è"h'þ9ÓœT3rųWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xwwxvm.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe
    O4 - HKLM\..\Run: [docwbyko] C:\WINDOWS\system32\yghlzgsq.exe
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [View Vc Htm Audio] C:\Documents and Settings\All Users\Application Data\PileLiesViewVc\Bonesecond.exe
    O4 - HKCU\..\Run: [BLAH GPL] C:\DOCUME~1\Kevin\APPLIC~1\SITEID~1\Comp Slow.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\TopText\wo.exe
    O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm538YYFI
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
    O16 - DPF: {81B9C506-46D3-4667-9018-3D6575CBC046} (VacPro.finland_ver10) - http://advnt01.com/dialer/finland_ver10.CAB
    O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://www.advnt01.com/dialer/internazionale_ver4.CAB
    O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
    O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
    O18 - Filter: text/html - {874735D6-675A-4B73-8B37-21C89E25AB1E} - C:\Documents and Settings\arman\Local Settings\Application Data\microsoft\internet explorer\V0.29.dat
    O21 - SSODL: mtklefa - {950B3427-38AB-4AD6-6DB8-3A8C430E33D7} - C:\WINDOWS\System32\ohppy32.dll (file missing)
    O23 - Service: NvCplScan - Unknown owner - C:\WINDOWS\System32\nvsc32.exe" -netsvcs (file missing)

    Sitten käynnistä -> suorita -> services.msc Etsi listalta
    NvCplScan, tuplaklikkaa, paina seis ja valitse käynnistymistavaksi "ei käytössä"

    Laita piilotiedostot näkyviin, ohje -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista:

    C:\Program Files\==>HbTools<==
    C:\DOCUME~1\Kevin\APPLIC~1\==>SCRDEF~1<==
    C:\WINDOWS\System32\==>onmhzdxp.exe<==
    C:\Program Files\==>ISTsvc<==
    C:\WINDOWS\==>xwwxvm.exe<==
    C:\WINDOWS\==>logon.exe<==
    C:\Program Files\==>MessengerPlus! 3<==
    C:\WINDOWS\system32\==>yghlzgsq.exe<==
    C:\Program Files\==>SpySpotter3<==
    C:\Documents and Settings\All Users\Application Data\==>PileLiesViewVc<==
    C:\DOCUME~1\Kevin\APPLIC~1\==>SITEID~1<==
    C:\PROGRA~1\==>TopText<==
    C:\Program Files\==>WebSecureAlert<==
    C:\Documents and Settings\arman\Local Settings\Application Data\microsoft\internet explorer\==>V0.29.dat<==
    C:\WINDOWS\System32\==>nvsc32.exe<==
    C:\Program Files\==>Ebates_MoeMoneyMaker<==

    Käynnistä uudelleen. Hae täältä -> http://www.ewido.net/en/download
    ewido, asenna, päivitä ja skannaa. Anna poistaa mitä löytää, tallenna raportti. Lähetä ewidon raportti ja uusi HjT-loki.
     
    Last edited: Nov 23, 2005
    -kemisti-, Nov 23, 2005
    #2
  3. Wauva

    Wauva Member

    Joined:
    Nov 23, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 7:13:02, on 24.11.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\DC++\DCPlusPlus.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido\security suite\SecuritySuite.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\HtJ\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://irc-galleria.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {9E3704C5-CFA0-64DA-7920-8C91F84A8AB6} - C:\DOCUME~1\Timo\APPLIC~1\WAVESO~1\defaultheck.exe (file missing)
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\fi\msnappau.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Boltwaitpingfork] C:\Documents and Settings\All Users\Application Data\ReadmePeakBoltWait\upfind.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Windows IP Security Service] ipsecs.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\RunServices: [Windows IP Security Service] ipsecs.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [STOPMANAGER] C:\Documents and Settings\Timo\Application Data\audio media vga\dent idle bias.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
    O16 - DPF: {96EB39C1-EE09-4720-99F3-4DD1C703D0BD} (soXmasPicOrd.soPicOrder2) - http://netanttila.softers.net/ax/522/Eiri_korttikone.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A1E5AD-A12A-4267-B1A7-7205A6B4E7D7}: NameServer = 212.50.211.55 212.50.192.227
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: Host Services - Unknown owner - C:\WINDOWS\svhosts.exe (file missing)
    O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
    O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Tossa mitään vikaa?
     
    Wauva, Nov 23, 2005
    #3
  4. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    @Wauwa: Olisit saanu laittaa omaan viestiketjuun, mutta menköön tämän kerran. Ja vikaa on :)

    Poista lisää/poista sovellus-kohdasta (ohjauspaneeli):

    SurfAccuracy

    Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

    O2 - BHO: (no name) - {9E3704C5-CFA0-64DA-7920-8C91F84A8AB6} - C:\DOCUME~1\Timo\APPLIC~1\WAVESO~1\defaultheck.exe (file missing)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Boltwaitpingfork] C:\Documents and Settings\All Users\Application Data\ReadmePeakBoltWait\upfind.exe
    O4 - HKLM\..\Run: [Windows IP Security Service] ipsecs.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\RunServices: [Windows IP Security Service] ipsecs.exe
    O4 - HKCU\..\Run: [STOPMANAGER] C:\Documents and Settings\Timo\Application Data\audio media vga\dent idle bias.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405...
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
    O23 - Service: Host Services - Unknown owner - C:\WINDOWS\svhosts.exe (file missing)
    O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe

    Sitten käynnistä -> suorita -> services.msc. Etsi listalta;:

    Host Services
    MicroSoft Media Tools

    Tuplaklikkaa niitä, paina seis ja valitse käynnistymistavaksi "ei käytössä".

    Laita piilotiedostot näkyviin, ohje -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja poista:

    C:\DOCUME~1\Timo\APPLIC~1\==>WAVESO~1<==
    C:\Documents and Settings\All Users\Application Data\==>ReadmePeakBoltWait<==
    C:\Program Files\==>SurfAccuracy<==
    C:\Documents and Settings\Timo\Application Data\==>audio media vga<==
    C:\WINDOWS\==>svhosts.exe<==
    C:\WINDOWS\==>MSmedia.exe<==

    Käynnistä uudelleen ja lähetä uusi HjT-loki.





     
    -kemisti-, Nov 23, 2005
    #4
  5. Wauva

    Wauva Member

    Joined:
    Nov 23, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 11:50:32, on 24.11.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\HtJ\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://irc-galleria.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\fi\msnappau.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {96EB39C1-EE09-4720-99F3-4DD1C703D0BD} (soXmasPicOrd.soPicOrder2) - http://netanttila.softers.net/ax/522/Eiri_korttikone.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A1E5AD-A12A-4267-B1A7-7205A6B4E7D7}: NameServer = 212.50.211.55 212.50.192.227
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

     
    Wauva, Nov 23, 2005
    #5
  6. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    Vielä jäi:

    Lisää/poista sovellus kohdasta:
    SurfAccuracy (Jos löytyy)


    Fixaa:
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405

    Vikasietotilassa(F8 koneen käynnistyksen yhteydessä):
    C:\Program Files\-->SurfAccuracy<--

    Kone normaali tilaan ja uusi loki tänne.
     
    aaxxeell, Nov 24, 2005
    #6
  7. Aras88

    Aras88 Regular member

    Joined:
    May 21, 2005
    Messages:
    114
    Likes Received:
    0
    Trophy Points:
    26
    Tässä olis se uusi logi



    Logfile of HijackThis v1.99.1
    Scan saved at 21:35:44, on 24.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\BACKWE~1.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\YAPLOCK\YaplockTray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Warez P2P Client\warez.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Kevin\Omat tiedostot\Hijack\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ldmwsoldbsmax.net/VVGy7vSMbsDMvaBullFRVlB2gQNmEiPaODpqLdKGZSaGprc2qSe47gKb1hVtG6dx.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {356D535A-0484-4275-8A67-2285F3C5AA4E} - C:\WINDOWS\System32\dmrserver.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [FLMK08KB] C:\Documents and Settings\arman\Työpöytä\MMKEYBD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YaplockTray.exe] C:\PROGRA~1\YAPLOCK\YaplockTray.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27dc6825b29ba76bbe05/netzip/RdxIE601.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: FS BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE





    Ja tässä olis se ewido reportti




    + Created on: 17:08:24, 24.11.2005
    + Report-Checksum: BE9EC54C

    + Scan result:

    HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Spyware.Altnet : Error during cleaning
    HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\adm.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{0AB71193-EC19-4D70-85C2-E46E2FF02755}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{40D8240A-E3A0-4D59-AC55-0443120188D1}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{420C35C9-E4F2-49F9-BF67-2BE1ECF86989}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{49C3014F-03ED-4634-9FB2-2881F2C7A057} -> Spyware.SuperBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4F9D4163-23F0-42E1-AFDA-4C1A6F8607E7} -> Spyware.SuperBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{9FF56D85-DB4F-4267-B669-8D05B0BF9A04}\TypeLib\\ -> Spyware.eZula : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{CF1E49B3-24A6-4B17-94BE-C25102E3BF04} -> Spyware.SuperBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{FAC94900-96D9-47fa-BA33-7EF1BBFBBCEC}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtHostIE.Bho -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbTools.HbtCommBand -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbTools.HbtCommBand.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtTools.HbMain -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\HbtTools.HbMain.1 -> Spyware.HotBar : Error during cleaning
    HKLM\SOFTWARE\Classes\Interface\{023A4648-601A-4C30-8A2E-C72EBFA99AF6}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
     
    Aras88, Nov 24, 2005
    #7
  8. aaxxeell

    aaxxeell Regular member

    Joined:
    Jul 28, 2005
    Messages:
    2,145
    Likes Received:
    0
    Trophy Points:
    46
    Jäi vielä muutama:

    Fixaa:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ldmwsoldbsmax.net/VVGy7vSMbsDMvaBullFRVlB2gQNmEiPaODpq...
    O2 - BHO: (no name) - {356D535A-0484-4275-8A67-2285F3C5AA4E} - C:\WINDOWS\System32\dmrserver.dll (file missing)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27dc6825b29ba76bbe05/netzip/RdxIE601.cab
    ----------------------------------------------------------------------------------
    Vinkkinä:

    Selaimeksi muu kuin Internet Explorer:
    Firefox: http://www.mozilla.org/products/firefox/ tai
    Opera: http://www.opera.com/

    SpywareBlaster
    Estää haitallisten activeX ja evästeiden asentumisen koneelle.
    Lataa -> http://www.javacoolsoftware.com/spywareblaster.html
    Ohjeet -> http://keskustelu.afterdawn.com/thread_view.cfm/221085
    ------------------------------------------------------------------------------------
    eScan:illa läpi vielä kone:
    Ohjeet ja lataus -> http://koti.mbnet.fi/pattaya1/escanmwav.htm
    Päivitä ja Scannaa koko kone sivun ohjeiden mukaan.
    Lähetä örkki tulokset (alempi laatikko) + uusi hjt!
     
    aaxxeell, Nov 24, 2005
    #8
  9. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Hmmm, kun toi search bar-juttu ei lähteny, niin siellä voi olla "lopjob" takana. Tees aaxxeellin ohjeiden lisäks näin:

    Hae findlop -> http://metallica.geekstogo.com/findlop.zip

    Pura ja tuplaklikkaa findlop.bat
    Logi löytyy tuolta C:\findlop.txt, lähetä se tänne.
     
    -kemisti-, Nov 24, 2005
    #9
  10. Aras88

    Aras88 Regular member

    Joined:
    May 21, 2005
    Messages:
    114
    Likes Received:
    0
    Trophy Points:
    26
    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'Symantec NetDetect.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
    Parameters: ''
    WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
    Comment: 'Symantec NetDetect'
    Creator: 'SYSTEM'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 11/24/2005 23:14:00
    NextRun: 11/25/2005 11:14:00
    StartError: S_OK
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 11/25/2005
    EndDate: 00/00/0000
    StartTime: 03:14
    MinutesDuration: 1440
    MinutesInterval: 240
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


    [TRACE] Activating job 'AE14984A91870C52.job'
    [TRACE] Printing all job properties

    ApplicationName: 'c:\docume~1\arman\applic~1\siteid~1\NewActiveDog.exe'
    Parameters: ''
    WorkingDirectory: ''
    Comment: ''
    Creator: 'arman'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 08/20/2005 20:00:00
    NextRun: 11/25/2005 11:00:00
    StartError: 0x80070005
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 1
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 10/06/1996
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


     
    Aras88, Nov 24, 2005
    #10
  11. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Näin ajattelinkin :)

    Fixaa ensin HjT:llä nuo aaxxeellin sanomat jutut (toi R1-rivi voi olla jo erinäköinen, mutta se "nettiosoite" on kuitenkin siansaksaa)

    Hae KillBox

    http://www.bleepingcomputer.com/files/spyware/KillBox.zip

    Pura,avaa ja täppi kohtaan [bold]Delete on Reboot[/bold]
    Sitten kopioi rivi tosta alapuolelta

    C:\WINDOWS\Tasks\AE14984A91870C52.job

    Sitten KillBoxissa ylhäältä File > Paste from Clipboard
    Sen jälkeen paina Delete (punainen, jossa on valkonen X)
    Vastaa myöntävästi kysymyksiin ja jos kone ei itestään käynnisty uudestaan,niin käynnistä se.

    Lähetä sen jälkeen uusi Hijack-logi.
     
    -kemisti-, Nov 24, 2005
    #11
  12. Aras88

    Aras88 Regular member

    Joined:
    May 21, 2005
    Messages:
    114
    Likes Received:
    0
    Trophy Points:
    26
    joo mä tein toon homman killboxilla ja käynnistin koneen ja tässä on se uus hijack-logi




    Logfile of HijackThis v1.99.1
    Scan saved at 11:34:23, on 25.11.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\BACKWE~1.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\YAPLOCK\YaplockTray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Warez P2P Client\warez.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Kevin\Omat tiedostot\Hijack\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [FLMK08KB] C:\Documents and Settings\arman\Työpöytä\MMKEYBD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YaplockTray.exe] C:\PROGRA~1\YAPLOCK\YaplockTray.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
    O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: FS BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\PROGRAM\SERVIC~1.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
     
    Aras88, Nov 24, 2005
    #12
  13. Zipp2

    Zipp2 Regular member

    Joined:
    Sep 30, 2005
    Messages:
    376
    Likes Received:
    0
    Trophy Points:
    26
    Scannasikko Ewidolla vikasietotilassa...logissa erroreita Altnet ja Hotbar.
     
    Zipp2, Nov 24, 2005
    #13
  14. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Loki on ok. Toi Warez P2P Client ei ole kovin suositeltava p2p-ohjelma, sen mukana tulee spywarea ja muuta roskaa. Mutta jos välttämättä haluat käyttää sitä, en estä ;)
     
    -kemisti-, Nov 24, 2005
    #14
  15. Aras88

    Aras88 Regular member

    Joined:
    May 21, 2005
    Messages:
    114
    Likes Received:
    0
    Trophy Points:
    26
    ok! kiitos avusta ja neuvosta ;)
     
    Aras88, Nov 24, 2005
    #15
  16. Aras88

    Aras88 Regular member

    Joined:
    May 21, 2005
    Messages:
    114
    Likes Received:
    0
    Trophy Points:
    26
    ai niin ja yks juttu vielä kun tää kone ei oo mun vaan yhen mun kaverin niin kun se yrittää messengerillä vastaan ottaa tiedostoja sen koneen palomuuri estää vastaan ottamaan tiedostoja.

    ja en oikee tiedä kuinka korjata asian?:/

     
    Aras88, Nov 24, 2005
    #16
  17. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Tarkoitatko, et mp3- ja exe-tiedostot ei tule perille? Siihen auttaa a-patch -> http://apatch.tk
     
    -kemisti-, Nov 25, 2005
    #17
  18. Aras88

    Aras88 Regular member

    Joined:
    May 21, 2005
    Messages:
    114
    Likes Received:
    0
    Trophy Points:
    26
    Mä latasin tään a-patch ohjelman mut mitä mun pitää siis tehdä ku tässä on jotain remove text box ja semmmoista?!
     
    Aras88, Nov 27, 2005
    #18
  19. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Valitse sieltä a-patchista "Remove File Transfer Protection". Sillä saa myös mainokset ym. pois, jos haluaa.
     
    -kemisti-, Nov 27, 2005
    #19
  20. Aras88

    Aras88 Regular member

    Joined:
    May 21, 2005
    Messages:
    114
    Likes Received:
    0
    Trophy Points:
    26
    siis kyllä ne mp3-tiedostot ja muut tulee perille mut sit tulee tiedote et palomuuri ei muka anna avata niitä ku siin voi olla virus riski?! :/

    ainakin mun kaveri sano niin ku tää ei oo mun kone vaan kaverini ja yritän korjata sitä.
     
    Aras88, Nov 27, 2005
    #20
Page 1 of 2

Share This Page