Kone temppuilee yksinään

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by lwilson, Feb 27, 2007.

  1. lwilson

    lwilson Member

    Joined:
    Sep 16, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 1:12:07 PM, on 2/27/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINNT\System32\mgabg.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
    C:\WINNT\System32\PDesk.exe
    C:\WINNT\Mixer.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    C:\WINNT\system32\mapiicon.exe
    C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\Labtec Wireless Desktop\OSD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    C:\Documents and Settings\Lars Kipketer\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F3 - REG:win.ini: run=
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [ADSL_A2] A2Installed
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINNT\system32\mapiicon.exe
    O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file://E:\ols\cd-db\fscax.cab
    O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) -
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
     
    lwilson, Feb 27, 2007
    #1
  2. mikkoi

    mikkoi Regular member

    Joined:
    May 14, 2004
    Messages:
    702
    Likes Received:
    0
    Trophy Points:
    26
    Korjaa:
    F3 - REG:win.ini: run=
     
    mikkoi, Mar 3, 2007
    #2
  3. lwilson

    lwilson Member

    Joined:
    Sep 16, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 9:52:33 PM, on 3/3/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINNT\System32\mgabg.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
    C:\WINNT\System32\PDesk.exe
    C:\WINNT\Mixer.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    C:\WINNT\system32\mapiicon.exe
    C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
    C:\Program Files\Labtec Wireless Desktop\OSD.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe
    C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe
    C:\Documents and Settings\Lars Kipketer\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [ADSL_A2] A2Installed
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINNT\system32\mapiicon.exe
    O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file://E:\ols\cd-db\fscax.cab
    O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) -
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe

     
    lwilson, Mar 3, 2007
    #3
  4. mikkoi

    mikkoi Regular member

    Joined:
    May 14, 2004
    Messages:
    702
    Likes Received:
    0
    Trophy Points:
    26
    Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi. Lataa se tästä

    * Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
    * Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
    * Käynnistä AVG Anti-Spyware.
    * Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.

    o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

    * Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
    * Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
    * Sitten "Reports" valikon alta:

    o Laita täppi kohtaan "Automatically generate report after every scan"
    o Ota täppi pois kohdasta"Only if threats were found"

    * Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
    * "Resident shield is", muuta tila active:sta inactive:ksi
    * Sulje ohjelma, ÄLÄ skannaa vielä.

    Käynnistä koneesi vikasietotilaan, ohje alhaalla!

    HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.

    * Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
    * Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
    * AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

    Kun skannaus on valmis:
    TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
    * Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
    * Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"

    * Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
    * Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
    * Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti tänne.

    · Kuinka käynnistän tietokoneeni vikasietotilaan?

    Windows käyttöjärjestelmissä virus- ja vakoiluohjelmien onnistunut poisto vaatii usein koneen käynnistämisen vikasietotilassa. Käynnistäminen vikasietotilaan onnistuu useimmissa tapauksissa klikkaamalla (joskus rämpyttämällä) F8-näppäintä käynnistyksen yhteydessä.

    Katso tarkemmat ohjeet omaan käyttöjärjestelmääsi. Sivusto on englanninkielinen.
     
    mikkoi, Mar 3, 2007
    #4
  5. lwilson

    lwilson Member

    Joined:
    Sep 16, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    11
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:22:22 AM 3/4/2007

    + Scan result:



    :mozilla.23:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.55:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.56:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.49:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.50:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.51:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.41:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.65:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.66:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.67:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.68:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.69:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.70:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.45:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.46:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.47:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.10:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.11:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.71:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
    :mozilla.58:C:\Documents and Settings\Lars Kipketer\Application Data\Mozilla\Firefox\Profiles\ala9wh42.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.


    ::Report end

     
    lwilson, Mar 3, 2007
    #5
  6. Hujo

    Hujo Guest

    laita Hjt loki myös
     
    Hujo, Mar 3, 2007
    #6
  7. lwilson

    lwilson Member

    Joined:
    Sep 16, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 2:30:50 AM, on 3/4/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINNT\System32\mgabg.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\WINNT\system32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\WINNT\System32\PDesk.exe
    C:\WINNT\Mixer.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    C:\WINNT\system32\mapiicon.exe
    C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
    C:\Program Files\Labtec Wireless Desktop\OSD.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Documents and Settings\Lars Kipketer\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [ADSL_A2] A2Installed
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINNT\system32\mapiicon.exe
    O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file://E:\ols\cd-db\fscax.cab
    O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) -
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe

     
    lwilson, Mar 3, 2007
    #7
  8. Hujo

    Hujo Guest

    noi voit fixsata
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    ajas vielä escan
    Ohjeet tuolla sivulla.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    lataa tuosta
    http://www.spywareinfo.dk/download/mwav.exe
    päivitä tuosta
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    laita täpit merkkauksien mukaan
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scannaa

    jos ala luukkuun tulee jotain niin kopioi se näin:
    Käytä komentoa Ctrl+A.
    Kopioi rivit komennolla Ctrl+C.
    Liitä rivit komennolla Ctrl+V.

    Laita virus log tänne.
     
    Last edited by a moderator: Mar 3, 2007
    Hujo, Mar 3, 2007
    #8

Share This Page