hjt logi

Spyed · Mar 17, 2006

Eli ongelmana jatkuvasti silmille pomppiva SpyFalcon sekä muutamia kertoja ilmestynyt ilmoitus w32.renos-viruksesta, jonka puhdistaminen ei tunnu F-Securen ohjelmistolta onnistuvan. Myös jokin w32.sinnaka-virus on silloin tällöin kummitellut...

Logfile of HijackThis v1.99.1
Scan saved at 9:24:57 PM, on 3/17/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NetDrive\netdrive.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\The Cleaner\cleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Elisa Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [HO-Assistant] "C:\HO-Assistant\HO-Assistant.exe"
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Service - {5F3DB0C9-D34B-45EB-A6F9-34F5FEDC567A} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS - {B7CB3EAA-2ECD-4500-903C-6C0536F32839} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Support - {D658AE4D-4706-4999-B4BB-2FE6F33BD18D} - http://tuki.elisa.net/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ylydvbwn.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14e21c47dfc7a7e8e615/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124476922287
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124478009971
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: systemp - {76EE5D02-96DF-4806-9AD7-A180B1BC0B8F} - systemp.dll (file missing)
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

Disa- · Mar 17, 2006

Fixaa seuraavat, eli do a system scan only, laita rastit seuraaviin ja fix checked:

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\ylydvbwn.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14e21c47dfc7a7e8e615/netzip/RdxIE601.cab
O21 - SSODL: systemp - {76EE5D02-96DF-4806-9AD7-A180B1BC0B8F} - systemp.dll (file missing)

* Lataa smitrem työpöydälle
http://noahdfear.geekstogo.com/click counter/click.php?id=1
Tuplaklikkaa sitä ja Start, niin saat smitrem-kansion työpöydälle.

* Ota FixSF.reg työpöydälle
http://www.bleepingcomputer.com/files/reg/FixSF.reg
Tuplaklikkaa sitä ja vastaa myöntävästi.

Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) poista seuraavat:

C:\Program Files\Internet Explorer\ylydvbwn.exe <- tiedosto
systemp.dll <- tiedosto (etsi Etsi-toiminnolla)

* Poista ohjauspaneelista (lisää/poista sovellus)
- SpyFalcon
ja jos se käskee\vaatii käynnistään koneen uudestaan, älä käynnistä.
Sitten poista
C:\Program\SpyFalcon\ < kansio voi olla, että ei löydy enää
C :\Windows\System32\dxmpp.dll
C:\WINDOWS\system32\ginuerep.dll
* Sen jälkeen avaa smitrem-kansio ja tuplaklikkaa RunThis.bat ja seuraa ohjeita.

Käynnistä tavallisesti. Lähetä uusi HjT-loki ja c:\smitfiles.txt- tiedoston sisältö.

mawdrgn · Mar 17, 2006

EDIT: Disa nopee

Spyed · Mar 17, 2006

Tässä on nyt viimeisimmät versiot näistä logifileistä. Sen verran muokkasin tuota Smitrem:n filettä, että poistin sieltä oman nimeni kummittelemasta "running from"-polusta.

SpyFalconia ei ole pinnalle pulpahtanut, vaikka on se tosin ennenkin ollut vuorokauden jossain piilossa.

Vieläkö jotain pitäisi tehdä?

Logfile of HijackThis v1.99.1
Scan saved at 11:50:18 AM, on 3/18/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\NetDrive\wdService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NetDrive\netdrive.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\WINNT\system32\internat.exe
C:\HO-Assistant\HO-Assistant.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\hjt\HijackThis.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Elisa Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [HO-Assistant] "C:\HO-Assistant\HO-Assistant.exe"
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Service - {5F3DB0C9-D34B-45EB-A6F9-34F5FEDC567A} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS - {B7CB3EAA-2ECD-4500-903C-6C0536F32839} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Support - {D658AE4D-4706-4999-B4BB-2FE6F33BD18D} - http://tuki.elisa.net/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124476922287
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124478009971
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

smitRem © log file
version 2.8

by noahdfear

Microsoft Windows 2000 [Version 5.00.2195]
The current date is: Sat 03/18/2006
The current time is: 11:44:23.32

Running from
C:\Documents and Settings\****\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 428 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN!

Disa- · Mar 18, 2006

Tarkista tämä C:\HO-Assistant\HO-Assistant.exe täällä -> http://www.virustotal.com/flash/index_en.html ja laita sen tulokset tänne.

Spyed · Mar 18, 2006

a
This is a report processed by VirusTotal on 03/18/2006 at 19:57:42 (CET) after scanning the file "HO-Assistant.exe" file.

Antivirus Version Update Result
AntiVir 6.34.0.53 03.18.2006 no virus found
Avast 4.6.695.0 03.17.2006 no virus found
AVG 718 03.17.2006 no virus found
Avira 6.34.0.53 03.18.2006 no virus found
BitDefender 7.2 03.18.2006 no virus found
CAT-QuickHeal 8.00 03.18.2006 no virus found
ClamAV devel-20060126 03.17.2006 no virus found
DrWeb 4.33 03.18.2006 no virus found
eTrust-InoculateIT 23.71.105 03.18.2006 no virus found
eTrust-Vet 12.4.2123 03.17.2006 no virus found
Ewido 3.5 03.18.2006 no virus found
Fortinet 2.71.0.0 03.18.2006 no virus found
F-Prot 3.16c 03.17.2006 no virus found
Ikarus 0.2.59.0 03.17.2006 no virus found
Kaspersky 4.0.2.24 03.18.2006 no virus found
McAfee 4721 03.17.2006 no virus found
NOD32v2 1.1450 03.18.2006 no virus found
Norman 5.70.10 03.17.2006 no virus found
Panda 9.0.0.4 03.18.2006 no virus found
Sophos 4.03.0 03.18.2006 no virus found
Symantec 8.0 03.18.2006 no virus found
TheHacker 5.9.5.115 03.17.2006 no virus found
UNA 1.83 03.16.2006 no virus found
VBA32 3.10.5 03.17.2006 no virus found

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
> Go to: Home Contact En español
www.virustotal.com :: ©Hispasec Sistemas 2004-06 :: e-mail info@virustotal.com

Spyed · Mar 19, 2006

No eipä tuo SpyFalcon ole tänään näyttäytynyt, joten kiitokset ohjeista.

Log in or Sign up

hjt logi

Spyed Member

Disa- Regular member

mawdrgn Regular member

Spyed Member

Disa- Regular member

Spyed Member

Spyed Member

Share This Page

Log in or Sign up

hjt logi

Spyed Member

Disa- Regular member

mawdrgn Regular member

Spyed Member

Disa- Regular member

Spyed Member

Spyed Member

Share This Page

Useful Searches