kun mikään ei toimi

jussij · Jul 7, 2006

joo...kun koneen avaa niin silloin tulee ainoastaan taustakuva näkyviin mutta ei mitään työpöydälle eikä käynnistä valikkoa.ainoa mikä toimii on ctrl,alt ja del millä saan auki tehtävien hallinnan ja sitä kautta kyllä periaatteessa minkä vaan ohjelman auki.
olen ajanut koneen parilla online virus ohjelmilla ja joka kerta se löytää matoi ja jottain viruksii.
tässä hjt-lista:Logfile of HijackThis v1.99.1
Scan saved at 12:20:07, on 7.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Norman\Nvc\BIN\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\G8L4NXGW\HijackThis_v1.99.1[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {275C9368-09A2-020B-FCEB-73D58C5CECC4} - C:\WINDOWS\system32\sjoya.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [defender] c:\\dfndrb_3.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdb_3.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmb_3.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [spywareremover] C:\Program Files\SpywareRemover\SpywareRemover.exe -boot
O4 - HKLM\..\Run: [F-Secure Anti-FunLove] C:\WINDOWS\system32\flcss.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [umko] C:\PROGRA~1\COMMON~1\umko\umkom.exe
O4 - HKCU\..\Run: [Asoc] "C:\PROGRA~1\COMMON~1\WNSXS~1\wowexec.exe" -vt yazr
O4 - HKCU\..\Run: [Lddnod] C:\WINDOWS\RACLE~1\NTEPAD~1.EXE
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4800/mcfscan.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\taskmgr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\azam0c11ef.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Uml0dmE\command.exe (file missing)
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe

auttakaa...olen vähän käpy koneiden kanssa...

-kemisti- · Jul 7, 2006

Lataa http://www.atribune.org/ccount/click.php?id=7
Look2Me-Destroyer.exe työpöydällesi.

TÄRKEÄÄ: Ennen fixin jatkamista, sinun täytyy tehdä seuraavat:

* Tulosta tämä, tai tallenna tekstitiedostona sopivaan sijaintiin.
* Klikkaa käynnistä -> Suorita ja kirjoita: services.msc
* Klikkaa OK.
* Tarkista että tämä palvelu on käynnissä tai sen käynnistymistapa on automaattinen:
* Toissijainen kirjautuminen
* Seuraavaksi tietokoneesi on oltava offlinessa, vedä nettipiuha seinästä jos tarpeen.
* Virustorjuntasi, ja kaikkien muiden turvaohjelmistojen TÄYTYY olla suljettuja.
[*]Sulje kaikki ikkunat ennen jatkamista.
[*]Tuplaklikkaa Look2Me-Destroyer.exe ajaaksesi ohjelman.
[*]Rastita Run this program as a task.
[*]Saat viestin joka sanoo; "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Klikkaa OK
[*]Kun Look2Me-Destroyer uudelleen avautuu, klikkaa Scan for L2M-valintaa, työpöytäsi pikakuvakkeet katoavat hetkeksi, tämä on normaalia.
[*]Kun skannaus on valmis, klikkaa Remove L2M-valintaa.
[*]Saat Done Scanning viestin, klikkaa OK.
[*]Kun valmis, saat tämän viestin: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, klikkaa OK.
[*]Tietokoneesi sammuttaa itsensä.
[*]Käynnistä koneesi uudelleen.
Jos palomuurisi varoittaa nettiyhteyksistä tähän ohjelmaan - salli ne.

Jos saat runtime error '339', lataa MSWINSCK.OCX seuraavasta linkistä ja sijoita se C:\Windows\System32 kansioosi.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Koeta uudelleen.

Lataa tuosta http://www.merijn.org/files/bfu.zip
Brute Force Uninstaller työpöydällesi.
[*]Oikea-klikkaa BFU zippiä työpöydälläsi, ja valitse Pura kaikki.
[*]Klikkaa "Seuraava"
[*]Boksissa missä valita mihin haluat tiedostot purkaa,
[*]Klikkaa "Selaa"
[*]Klikkaa + merkkiä oman tietokoneen vieressä
[*]Klikkaa "Paikallinen Levy (C" tai mikä sinun tärkein levysi onkin
[*]Klikkaa "Tee uusi kansio"
[*]Kirjoita BFU
[*]Klikkaa "Seuraava", ja ÄLÄ rastita boksia "Näytä puretut tiedostot" ja klikkaa "Valmis".
OIKEA-KLIKKAA TÄSTÄ -> http://metallica.geekstogo.com/alcanshorty.bfu ja valitse "Save As" (Explorerissa "Save Target As") ladataksesi Alcra PLUS Poistajan.
Tallenna se samaan kansioon jonka teit aiemmin (c:\BFU).

Älä tee mitään tällä vielä!

Käynnistä koneesi vikasietotilaan naputtamalla F8 näppäintä käynnistyksen yhteydessä.

Klikkaa Käynnistä > Oma tietokone ja navigoi C:\BFU kansioon.

Käynnistä Brute Force Uninstaller tupla-klikkaamalla BFU.exe

Scriptline to execute kentässä kirjoita tai liitä c:\bfu\alcanshorty.bfu

Klikkaa Execute ja anna sen tehdä työnsä. (Sinun pitäisi nähdä edistyspalkki jos teit tämän oikein.)

Odota Complete script execution boksia ja klikkaa OK.

Klikkaa exit lopettaaksesi Brute Force Uninstallerin.
Käynnistä normaalisti uudelleen ja postita tuore HijackThis logi sekä C:\Look2Me-Destroyer.txt tiedoston sisältö .

jussij · Jul 7, 2006

muuten mut käynnistä valikkoa ei ole....ainoa minkä saan esiin on tehtävien hallinta...mut sitä kautta saan kyl melkein minkä vaan auki

-kemisti- · Jul 7, 2006

Joo no ohita se kohta sitten ja jatka eteenpäin.

jussij · Jul 10, 2006

kiitos kiitos...nyt taas kaikki toimii...

-kemisti- · Jul 10, 2006

Lähetä uusi HjT-loki ja C:\Look2Me-Destroyer.txt tiedoston sisältö, koska kaikki pöpöt eivät lähteneet tuolla vielä Vasta pari poistettiin.

jussij · Jul 19, 2006

Logfile of HijackThis v1.99.1
Scan saved at 18:34:34, on 19.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ipwins\ipwins.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\WINDOWS\system32\winctl32.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\{747F40F1-0A3F-1035-1225-030723200166}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ritva\Local Settings\Temporary Internet Files\Content.IE5\WHUBW9YJ\HijackThis_v1.99.1[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettiauto.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {275C9368-09A2-020B-FCEB-73D58C5CECC4} - C:\WINDOWS\system32\sjoya.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [Windows Control] C:\WINDOWS\system32\winctl32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Asoc] "C:\PROGRA~1\COMMON~1\WNSXS~1\wowexec.exe" -vt yazr
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.fi
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4800/mcfscan.cab
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\dnnq0155e.dll (file missing)
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Look2Me - Unknown owner - C:\Documents and Settings\Ritva\Omat tiedostot\Unzipped\f-look2me[1]\f-look2me.exe" /service (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)

-kemisti- · Jul 19, 2006

Siirrä HjT omaan kansioonsa -> C:\hjt

Poista ohjauspaneelista:

Toolbar888

Fixaa HjT:llä:

R3 - URLSearchHook: (no name) - {275C9368-09A2-020B-FCEB-73D58C5CECC4} - C:\WINDOWS\system32\sjoya.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [Windows Control] C:\WINDOWS\system32\winctl32.exe
O4 - HKCU\..\Run: [Asoc] "C:\PROGRA~1\COMMON~1\WNSXS~1\wowexec.exe" -vt yazr
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\dnnq0155e.dll (file missing)
O23 - Service: F-Look2Me - Unknown owner - C:\Documents and Settings\Ritva\Omat tiedostot\Unzipped\f-look2me[1]\f-look2me.exe" /service (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)

Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä)

Poista jos löytyy:

C:\WINDOWS\system32\sjoya.dll
C:\Program Files\ToolBar888
C:\Program Files\ipwins
C:\WINDOWS\system32\winctl32.exe
C:\PROGRA~1\COMMON~1\WNSXS~1
C:\Program Files\Network Monitor

Käynnistä uudelleen.

Skannaa koneesi http://www.kaspersky.com/downloads/kws/kavwebscan.html
Kaspersky Online Skannerilla

Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.
[*] Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
[*] Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
[*] Klikkaa nyt asetuksia, Scan Settings
[*] Tarkista asetuksista, että seuraavat ovat valittuina:

o Scan using the following Anti-Virus database:

+ Extended (Jos valittavissa, muuten valitse Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

[*] Klikkaa OK
[*] Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
[*] Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
[*] Klikkaa nyt Save as Text-painiketta.
[*] Tallenna tiedosto työpöydällesi.
[*] Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.

Lähetä myös uusi HjT-loki.

jussij · Jul 20, 2006

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Ritva\.housecall\Quarantine\javaws.exe.bac_a02168 Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\maxidr[1].avi.bac_a02168/data0004/data0006 Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\maxidr[1].avi.bac_a02168/data0004 Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\maxidr[1].avi.bac_a02168 NSIS: infected - 2 skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\maxidr[1].avi.bac_a02168 UPX: infected - 2 skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\maxidr[1].avi.bac_a02168 PE_Patch.UPX: infected - 2 skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\maxidr[1].avi.bac_a02168 CryptFF.b: infected - 2 skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\VVSN_FRZE1001Inst.exe.bac_a02168/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\VVSN_FRZE1001Inst.exe.bac_a02168/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\VVSN_FRZE1001Inst.exe.bac_a02168 Embedded CAB: infected - 2 skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\VVSN_FRZE1001Inst.exe.bac_a02168 CryptFF.b: infected - 2 skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\WinUpdate.exe.bac_a02168/data0006 Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\WinUpdate.exe.bac_a02168 NSIS: infected - 1 skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\WinUpdate.exe.bac_a02168 UPX: infected - 1 skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\WinUpdate.exe.bac_a02168 PE_Patch.UPX: infected - 1 skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\WinUpdate.exe.bac_a02168 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Ritva\.housecall\Quarantine\WSAHelper.dll.bac_a02168 Infected: not-a-virus:AdWare.Win32.DashBar.c skipped

C:\Documents and Settings\Ritva\Local Settings\Temp\!update.0xe Infected: Trojan-Downloader.Win32.PurityScan.cl skipped

C:\Documents and Settings\Ritva\Local Settings\Temp\temp.fr92B6 Infected: not-a-virus:Server-Proxy.Win32.MarketScode.c skipped

C:\Documents and Settings\Ritva\Local Settings\Temp\temp.frB197 Infected: not-a-virus:Server-Proxy.Win32.MarketScode.c skipped

C:\Documents and Settings\Ritva\Local Settings\Temp\wu.exe/stream/data0001/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

C:\Documents and Settings\Ritva\Local Settings\Temp\wu.exe/stream/data0001/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

C:\Documents and Settings\Ritva\Local Settings\Temp\wu.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

C:\Documents and Settings\Ritva\Local Settings\Temp\wu.exe/stream Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped

C:\Documents and Settings\Ritva\Local Settings\Temp\wu.exe NSIS: infected - 4 skipped

C:\Documents and Settings\Ritva\Local Settings\Temporary Internet Files\Content.IE5\C50V8NGN\!update-4020[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.cl skipped

C:\Documents and Settings\Ritva\Local Settings\Temporary Internet Files\Content.IE5\E30YGA4R\kybrdb_3[1].exe.mwt Infected: Backdoor.Win32.VB.ary skipped

C:\Documents and Settings\Ritva\Local Settings\Temporary Internet Files\Content.IE5\UD5A3AXG\tbfp[1].avi/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\Documents and Settings\Ritva\Local Settings\Temporary Internet Files\Content.IE5\UD5A3AXG\tbfp[1].avi NSIS: infected - 1 skipped

C:\mc-110-12-0000228.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\mc-110-12-0000228.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\mc-110-12-0000228.exe NSIS: infected - 2 skipped

C:\Program Files\BitTorrent\uninstall.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\BitTorrent\uninstall.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\BitTorrent\uninstall.exe NSIS: infected - 2 skipped

C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped

C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped

C:\Program Files\WebSecureAlert\WebSecureUninstaller.exe Infected: not-a-virus:AdWare.Win32.Gator.10021 skipped

C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP745\A0212849.exe Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP771\A0220930.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP771\A0220969.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP771\A0220973.dll Infected: not-a-virus:AdWare.Win32.DashBar.c skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP771\A0220980.exe/data0006 Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP771\A0220980.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP771\A0220980.exe UPX: infected - 1 skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP771\A0220980.exe PE_Patch.UPX: infected - 1 skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP771\A0222899.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP771\A0222901.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP771\A0223920.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP774\A0228427.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP774\A0228439.exe.mwt Infected: Backdoor.Win32.VB.ary skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP775\A0228698.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP775\A0228717.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP775\A0228718.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP775\A0228719.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP775\A0228724.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP775\A0228725.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP777\A0228811.exe/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP777\A0228811.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP777\A0228881.exe Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP783\A0229006.exe Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP783\A0229007.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped

C:\System Volume Information\_restore{B69D094F-53AB-419B-9C02-58C51ED2B97A}\RP786\A0230293.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\WINDOWS\ExeDialer.exe Infected: not-a-virusorn-Dialer.Win32.InstantAccess skipped

C:\WINDOWS\system32\jr0025dmg.dll.ren Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\WINDOWS\system32\sjoya.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\WINDOWS\system32\taskmgr.dl$ Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped

C:\WINDOWS\Uml0dmE\asappsrv.dll.bak Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\WINDOWS\Uml0dmE\command.exe.bak Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\WINDOWS\Οracle\NTEPAD~1.EX$ Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped

Scan process completed

Logfile of HijackThis v1.99.1
Scan saved at 12:31:00, on 20.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\{747F40F1-0A3F-1035-1225-030723200166}\Update.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ritva\Local Settings\Temporary Internet Files\Content.IE5\E30YGA4R\HijackThis_v1.99.1[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettiauto.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.fi
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4800/mcfscan.cab
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

-kemisti- · Jul 20, 2006

Aika hyvältä näyttää Paitsi, että se HijackThis.exe ei vieläkään ole omassa kansiossaan, vaan tempissä roskien keskellä

Tyhjennä nämä hakemistot(poista kaikki tiedostot ja alihakemistot, sulje selain ennen sitä):

C:\Documents and Settings\Ritva\.housecall\Quarantine
C:\Documents and Settings\Ritva\Local Settings\Temp
C:\Documents and Settings\Ritva\Local Settings\Temporary Internet Files

Poista:

C:\mc-110-12-0000228.exe
C:\Program Files\MyWay
C:\Program Files\WebSecureAlert
C:\WINDOWS\ExeDialer.exe
C:\WINDOWS\system32\jr0025dmg.dll.ren
C:\WINDOWS\system32\sjoya.dll
C:\WINDOWS\system32\taskmgr.dl$
C:\WINDOWS\Uml0dmE
C:\WINDOWS\Οracle

Putsaa järjestelmän palautus:

1. Valitse Oma tietokone (klikkaa oikealla).
2. Valitse Ominaisuudet.
3. Valitse Järjestelmän palauttaminen- välilehti.
4. Valitse "Poista järjestelmän palauttaminen käytöstä".
5. Paina Käytä.
6. Paina OK.
7. Käynnistä kone uudelleen
8. Tee kohdat 1.-3.
9. Ota rasti pois kohdasta "Poista järjestelmän palauttaminen käytöstä"
10. Tee kohdat 5. ja 6.

Sitten käynnistä -> suorita
kirjoita sc stop NipSvc ja klikkaa ok
sitten sc delete NipSvc ja klikkaa ok.

Käynnistä uudelleen.

Skannaa uudelleen kasperskyllä

Lähetä uusi HjT-loki ja kasperskyn raportti.

jussij · Jul 20, 2006

Logfile of HijackThis v1.99.1
Scan saved at 14:58:22, on 20.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\Common Files\{747F40F1-0A3F-1035-1225-030723200166}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ritva\Työpöytä\jussi\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettiauto.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dnainternet.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.fi
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4800/mcfscan.cab
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

scannaus kestää taas pari tuntii...

jussij · Jul 20, 2006

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Ritva\Local Settings\Temporary Internet Files\Content.IE5\C50V8NGN\!update-4020[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.cl skipped

C:\Documents and Settings\Ritva\Local Settings\Temporary Internet Files\Content.IE5\E30YGA4R\kybrdb_3[1].exe.mwt Infected: Backdoor.Win32.VB.ary skipped

C:\Documents and Settings\Ritva\Local Settings\Temporary Internet Files\Content.IE5\UD5A3AXG\tbfp[1].avi/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\Documents and Settings\Ritva\Local Settings\Temporary Internet Files\Content.IE5\UD5A3AXG\tbfp[1].avi NSIS: infected - 1 skipped

C:\Program Files\BitTorrent\uninstall.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\BitTorrent\uninstall.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\BitTorrent\uninstall.exe NSIS: infected - 2 skipped

C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe NSIS: infected - 2 skipped

Mikä siinä on kun asensin ton f-securen niin netti ja kone muutenkin hidastu tosi paljon?netissä sivut ei aukee yhtä nopeesti kuin ennen ja kuvakkeet työpöydällä kestää kans aueta pitkästymiseen asti...osaatko neuvoa mitä tehdä sen suhteen?

-kemisti- · Jul 20, 2006

Näyttää aika hyvältä

HjT-loki on ok.

Tyhjennä Internet Explorerin väliaikaistiedostot.

Kuinka paljon koneessa keskusmuistia?

jussij · Jul 20, 2006

37,2 gt

-kemisti- · Jul 20, 2006

Niin tuo on varmaan kiintolevytila (vapaana oleva) Entäs se keskusmuistin (RAM) määrä?

jussij · Jul 21, 2006

en tiedä mistä katsoa mutta mulla on semmonen rambooster v2.0 joka sanoo et free ram and computer usage (%)23% ja cpu: 25% free ram at the moment n. 60 000 kb

blade81 · Jul 21, 2006

Ikkunanäppäin+break -yhdistelmän esiintuova järjestelmätiedot ikkuna näyttää (poikkeuksiakin on) sinulle muistimäärän.

jussij · Jul 21, 2006

ikkunanäppäin+break?

-kemisti- · Jul 21, 2006

Jos siis sanoit että free ram 23 % ja free ram at the moment n. 60 000 kb(jos siis tajusin oikein), niin sen mukaan sulla on 256 megaa keskusmuistia, joka on tosi vähän F-securelle.

jussij · Jul 21, 2006

ahaa...eli siis sen takia tökkii?mitä suosittelisit tehtäväksi?

Log in or Sign up

kun mikään ei toimi

jussij Member

-kemisti- Active member

jussij Member

-kemisti- Active member

jussij Member

-kemisti- Active member

jussij Member

-kemisti- Active member

jussij Member

-kemisti- Active member

jussij Member

jussij Member

-kemisti- Active member

jussij Member

-kemisti- Active member

jussij Member

blade81 Active member

jussij Member

-kemisti- Active member

jussij Member

Share This Page

Log in or Sign up

kun mikään ei toimi

jussij Member

-kemisti- Active member

jussij Member

-kemisti- Active member

jussij Member

-kemisti- Active member

jussij Member

-kemisti- Active member

jussij Member

-kemisti- Active member

jussij Member

jussij Member

-kemisti- Active member

jussij Member

-kemisti- Active member

jussij Member

blade81 Active member

jussij Member

-kemisti- Active member

jussij Member

Share This Page

Useful Searches