Could anyone tell me how to permanently get rid of those icons that always show up on the desktop when I start the computer? Or has anyone even had similar experiences?
What kind of icons are they? Something like online casino, buy viagra, etc., or icons of actual programs that you recognize?
Then do this: post a HjT log; you can get the program here -> http://koti.mbnet.fi/pattaya1/HijackThis.exe . Save it to the folder c:\hjt, start it, click "do a system scan and save a logfile" and post the log here. I could take this case on.
Well, here it is. I do think there's a lot of other crap in there too, but if I could at least get those icons gone.
Download Ewido and update it (download address + instructions: http://keskustelu.afterdawn.com/thread_view.cfm/269186). DO NOT run it yet!

Open the Add/Remove Programs tool and remove (if present):
Messenger plus 3 (may have a slightly different name)

Also delete (if present):
C:\Program Files\[bold]MessengerPlus! 3[/bold]

Start hjt, click "do a system scan only" and check:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ledizuzpurovynuzjjyaa.net/ggmeJCbamePeQJJq_Y3HYfXG9e12...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fzcfsnqizreoyibtvdvve.com/ggmeJCbameNjnoV1I4wHNDY8Gjv8...
O2 - BHO: (no name) - {2BA71342-1A3C-0B7C-7177-B32AFC72FAA7} - C:\DOCUME~1\PIEVIL~1\APPLIC~1\COOLMO~1\Cake Great.exe
O2 - BHO: (no name) - {4B3B94C0-CD10-422F-8229-1C3897E7B358} - C:\WINDOWS\System32\dfhh.dll (file missing)
O2 - BHO: (no name) - {7064E6E4-87E2-0F24-274E-A8CC38A7626B} - C:\DOCUME~1\PIEVIL~1\APPLIC~1\COOLMO~1\Cake Great.exe
O4 - HKLM\..\Run: [Tray Glue Proxy Extra] C:\Documents and Settings\All Users\Application Data\RULEBIRDTRAYGLUE\one style.exe
O4 - HKLM\..\Run: [SEEK MAIL MFCD TWO] C:\Documents and Settings\All Users\Application Data\thunk vc seek mail\start comp.exe
O4 - HKCU\..\Run: [64wait] C:\DOCUME~1\PIEVIL~1\APPLIC~1\STYLEB~1\BodyPileWay.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Close the other windows and click "fix checked".

Boot the computer into safe mode (press F8 while the computer is starting):
Make hidden files visible: http://keskustelu.afterdawn.com/thread_view.cfm/248944

Delete the following (if present):
C:\DOCUME~1\PIEVIL~1\APPLIC~1\[bold]COOLMO~1[/bold]
C:\WINDOWS\System32\[bold]dfhh.dll[/bold]
C:\Documents and Settings\All Users\Application Data\[bold]RULEBIRDTRAYGLUE[/bold]
C:\Documents and Settings\All Users\Application Data\[bold]thunk vc seek mail[/bold]
C:\DOCUME~1\PIEVIL~1\APPLIC~1\[bold]STYLEB~1[/bold]

Hide the hidden files again.
Scan with Ewido (full scan) and save the log.
Boot into normal mode.
Download Findlop (http://metallica.geekstogo.com/findlop.zip) and extract the zip. Double-click findlop.bat. After that, post Findlop's results (c:\findlop.txt), the Ewido log and a new hjt log.
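An added example, not part of the original posts: a small triage script that parses HijackThis entry lines and flags O2 (BHO) and O4 (autostart) entries whose target runs from an Application Data folder or is reported as missing. The rule is an assumed heuristic, not the helper's stated method; the sample lines are entries quoted in the reply above plus a few benign ones for contrast.

```python
import re
from dataclasses import dataclass

# Sample input: O2/O4 entries marked in the reply above, plus benign entries
# for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BA71342-1A3C-0B7C-7177-B32AFC72FAA7} - C:\DOCUME~1\PIEVIL~1\APPLIC~1\COOLMO~1\Cake Great.exe
O2 - BHO: (no name) - {4B3B94C0-CD10-422F-8229-1C3897E7B358} - C:\WINDOWS\System32\dfhh.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tray Glue Proxy Extra] C:\Documents and Settings\All Users\Application Data\RULEBIRDTRAYGLUE\one style.exe
O4 - HKLM\..\Run: [SEEK MAIL MFCD TWO] C:\Documents and Settings\All Users\Application Data\thunk vc seek mail\start comp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [64wait] C:\DOCUME~1\PIEVIL~1\APPLIC~1\STYLEB~1\BodyPileWay.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "<section> - <rest>", e.g. "O4 - HKLM\..\Run: [name] C:\path.exe"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path in the entry; everything after it is the command line.
PATH_RE = re.compile(r"\b(?P<path>[A-Za-z]:\\.*)$")
# Long name or 8.3 short name of the per-user / All Users Application Data folder.
APPDATA_RE = re.compile(r"\\(application data|applic~\d+)\\", re.IGNORECASE)
MISSING_TAG = "(file missing)"
# Assumption: only these sections are checked; the reply above marks no
# O18/O23 entries, so "(file missing)" there is not flagged.
AUTOSTART_SECTIONS = {"O2", "O4"}


@dataclass
class Entry:
    section: str   # HijackThis section code, e.g. "O4"
    body: str      # entry text after the section code
    path: str      # command line starting at the drive letter, quotes removed
    missing: bool  # True when HijackThis appended "(file missing)"


def parse_line(line):
    """Parse one log line into an Entry, or return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    missing = body.endswith(MISSING_TAG)
    target = body[: -len(MISSING_TAG)].rstrip() if missing else body
    pm = PATH_RE.search(target)
    path = pm.group("path").replace('"', "") if pm else ""
    return Entry(m.group("section"), body, path, missing)


def triage(entry):
    """Return the list of reasons an entry deserves a closer look (may be empty)."""
    reasons = []
    if entry.section not in AUTOSTART_SECTIONS:
        return reasons
    if APPDATA_RE.search(entry.path):
        reasons.append("runs from Application Data")
    if entry.missing:
        reasons.append("target file missing")
    return reasons


def flag_log(text):
    """Parse a whole log and return (Entry, reasons) pairs for flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in flag_log(SAMPLE_LOG):
        print(f"{entry.section}  {entry.path}  <- {', '.join(reasons)}")
```

A flagged entry is a prompt for manual review, not a verdict: legitimate software also installs under Application Data, and the R0/R1 and O6 entries marked in the reply fall outside this rule.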
Okay, here are some more of these logs, and by the way those icons haven't come back, at least not yet, yes!
Let's clean out the leftover junk still in the hjt log. Start hjt, click "do a system scan only", check:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dzqcibgpihgncucvrsigp.com/ggmeJCbamePeQJJq_Y3HYfXG9e12...
Close the other windows and click "fix checked".

Next we remove the lopjob that was found.
Download Killbox by Option^Explicit (http://www.downloads.subratam.org/KillBox.zip).
* Save it to your desktop.
* Double-click Killbox.exe to run the program.
* Select:
  o Delete on Reboot
  o then click the All Files option.
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
[bold]C:\Windows\Tasks\AAC682F5918136FD.job[/bold]
* Go back to Killbox, open the File menu and choose Paste from Clipboard.
* Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let the fixer know if one comes up!).

Post a new hjt log.
No PendingFileRenameOperations prompts came up. And here's another new hjt log.