Pop-ups flooding the computer - HJT

Discussion in 'Viruses and malware - HijackThis logs' started by TeleHell, Feb 16, 2007.

  1. TeleHell

    TeleHell Regular member

    Joined:
    Dec 10, 2005
    Messages:
    827
    Likes Received:
    0
    Trophy Points:
    26
    So, because of a fake torrent I ended up downloading some password-hunting program (an encrypted .rar file), and through that pop-ups have now started appearing on the computer.
    I myself would suspect C:\DOCUME~1\jarkko\APPLIC~1\DRVBUI~1\Warninsidemp3.exe, whatever it is, and the other one is that O4 - HKLM\..\Run: [usermeowdeletetype] C:\Documents and Settings\All Users\Application Data\Bolt Play User Meow\bore four.exe
    but I don't dare remove those until I'm sure about it..

    The HJT log follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:55:41, on 16.2.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Ohjelmat\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Ohjelmat\Alwil Software\Avast4\aswUpdSv.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashServ.exe
    D:\Ohjelmat\Bluetooth\BTNtService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashMaiSv.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Config\explorer.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\vso\ConvertXtoDVD\ConvertXtoDvd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Ohjelmat\Advanced System Optimizer\IEHelper.dll
    O4 - HKLM\..\Run: [avast!] D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [usermeowdeletetype] C:\Documents and Settings\All Users\Application Data\Bolt Play User Meow\bore four.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IDLE COOL] C:\DOCUME~1\jarkko\APPLIC~1\DRVBUI~1\Warninsidemp3.exe
    O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170270104421
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Ohjelmat\Bluetooth\BTNtService.exe
    O23 - Service: DirectX Service (DirectSigz) - Unknown owner - C:\WINDOWS\system32\directx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Ohjelmat\Sygate\SPF\smc.exe
     
  2. Hujo

    Hujo Guest

    Run this:

    Download NoLop to your desktop from one of the following links...
    http://www.spywareedge.net/nolop/NoLop.exe
    http://www.spywaretimes.com/Tools/download/21/chk,ed0778d88843ca2625ab6208a197bcc5/
    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16

    1. Close all programs, because this step requires a restart.
    2. Double-click NoLop.exe to run it.
    3. Click the "Search and Destroy" button.
    <<Your computer will be scanned for infected files>>
    4. When the scan is finished, you will be asked to restart the computer if an infection is found. Click OK.
    5. Click the "REBOOT" button.
    6. NoLop should display a message. If it doesn't, double-click the program and it will finish. Post the contents of C:\NoLop.log along with a new HijackThis log.
    -- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx from http://www.boletrice.com/downloads/mscomctl.ocx
    and save it in your system32 directory (usually c:\Windows\system32). Then run the program again.


    Scan with HJT, check the following and press Fix checked:

    O23 - Service: DirectX Service (DirectSigz) - Unknown owner - C:\WINDOWS\system32\directx.exe

    Start > Run, type the lines below and press Enter after each line:

    sc stop DirectSigz
    sc delete DirectSigz
     
    Last edited by a moderator: Feb 16, 2007
  3. TeleHell

    TeleHell Regular member

    Yeah, well, here's that NoLop log:

    NoLop! Log by Skate_Punk_21

    Fix running from: D:\
    [16.2.2007]
    [15:05:56]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\A283DB2F93F05A7F.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Bluetooth
    C:\Documents and Settings\All Users\Application Data\Bolt Play User Meow
    C:\Documents and Settings\All Users\Application Data\Firstclass
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Microsoft Help
    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Tuneup Software
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Jarkko\Application Data\Adobe
    C:\Documents and Settings\Jarkko\Application Data\Adobeum
    C:\Documents and Settings\Jarkko\Application Data\Ahead
    C:\Documents and Settings\Jarkko\Application Data\Apple Computer
    C:\Documents and Settings\Jarkko\Application Data\Ati
    C:\Documents and Settings\Jarkko\Application Data\Creative
    C:\Documents and Settings\Jarkko\Application Data\Cyberlink
    C:\Documents and Settings\Jarkko\Application Data\Drv Build
    C:\Documents and Settings\Jarkko\Application Data\Gearbox Software
    C:\Documents and Settings\Jarkko\Application Data\Google
    C:\Documents and Settings\Jarkko\Application Data\Identities
    C:\Documents and Settings\Jarkko\Application Data\Intertrust
    C:\Documents and Settings\Jarkko\Application Data\Lavasoft
    C:\Documents and Settings\Jarkko\Application Data\Locktime
    C:\Documents and Settings\Jarkko\Application Data\Logitech
    C:\Documents and Settings\Jarkko\Application Data\Macromedia
    C:\Documents and Settings\Jarkko\Application Data\Microsoft
    C:\Documents and Settings\Jarkko\Application Data\Mozilla
    C:\Documents and Settings\Jarkko\Application Data\Nch Swift Sound
    C:\Documents and Settings\Jarkko\Application Data\Officeupdate12
    C:\Documents and Settings\Jarkko\Application Data\Sun
    C:\Documents and Settings\Jarkko\Application Data\Systweak
    C:\Documents and Settings\Jarkko\Application Data\Talkback
    C:\Documents and Settings\Jarkko\Application Data\Tuneup Software
    C:\Documents and Settings\Jarkko\Application Data\Vlc
    C:\Documents and Settings\Jarkko\Application Data\Vso
    C:\Documents and Settings\Jarkko\Application Data\Vso_hwe -- EMPTY Directory
    C:\Documents and Settings\Jarkko\Application Data\Xfire
    C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Adobe
    C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
    C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Pirjo\Application Data\Identities
    C:\Documents and Settings\Pirjo\Application Data\Microsoft



    And here's the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:12:08, on 16.2.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Ohjelmat\Sygate\SPF\smc.exe
    D:\Ohjelmat\Alwil Software\Avast4\aswUpdSv.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashServ.exe
    D:\Ohjelmat\Bluetooth\BTNtService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashMaiSv.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Config\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATITool\ATITool.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Ohjelmat\Advanced System Optimizer\IEHelper.dll
    O4 - HKLM\..\Run: [avast!] D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [usermeowdeletetype] C:\Documents and Settings\All Users\Application Data\Bolt Play User Meow\bore four.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDLE COOL] C:\DOCUME~1\jarkko\APPLIC~1\DRVBUI~1\Warninsidemp3.exe
    O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170270104421
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Ohjelmat\Bluetooth\BTNtService.exe
    O23 - Service: DirectX Service (DirectSigz) - Unknown owner - C:\WINDOWS\system32\directx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Ohjelmat\Sygate\SPF\smc.exe

     
  4. Hujo

    Hujo Guest

    Scan with HJT, check the following and press Fix checked:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O23 - Service: DirectX Service (DirectSigz) - Unknown owner - C:\WINDOWS\system32\directx.exe

    Start > Run, type the lines below and press Enter after each line:

    sc stop DirectSigz
    sc delete DirectSigz
     
  5. TeleHell

    TeleHell Regular member

    Done. Pop-ups still appear when I open the internet. I've run AVG and cleaned up with CCleaner.. maybe I should try eScan?
     
  6. TeleHell

    TeleHell Regular member

    Well.. eScan didn't find anything either :eek:..
     
  7. Hujo

    Hujo Guest

    Post an HJT log.
     
  8. TeleHell

    TeleHell Regular member

    Well, here's the log again :)

    Logfile of HijackThis v1.99.1
    Scan saved at 17:06:17, on 16.2.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Ohjelmat\Sygate\SPF\smc.exe
    D:\Ohjelmat\Alwil Software\Avast4\aswUpdSv.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashServ.exe
    D:\Ohjelmat\Bluetooth\BTNtService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashMaiSv.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Config\explorer.exe
    C:\WINDOWS\Explorer.EXE
    D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\vso\ConvertXtoDVD\ConvertXtoDvd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Ohjelmat\Advanced System Optimizer\IEHelper.dll
    O4 - HKLM\..\Run: [avast!] D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [usermeowdeletetype] C:\Documents and Settings\All Users\Application Data\Bolt Play User Meow\bore four.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDLE COOL] C:\DOCUME~1\jarkko\APPLIC~1\DRVBUI~1\Warninsidemp3.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170270104421
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Ohjelmat\Bluetooth\BTNtService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Ohjelmat\Sygate\SPF\smc.exe

     
  9. Hujo

    Hujo Guest

    Rename
    C:\HJT\HijackThis.exe <-- to "pommi" and post a new HJT log.
     
  10. TeleHell

    TeleHell Regular member

    I wonder if this is what you meant; I renamed that HijackThis application to hijackthis.exe..
    Well, here's the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:21:33, on 17.2.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Ohjelmat\Sygate\SPF\smc.exe
    D:\Ohjelmat\Alwil Software\Avast4\aswUpdSv.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Ohjelmat\Bluetooth\BTNtService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashMaiSv.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\ATITool\ATITool.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Ohjelmat\Advanced System Optimizer\IEHelper.dll
    O4 - HKLM\..\Run: [avast!] D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [usermeowdeletetype] C:\Documents and Settings\All Users\Application Data\Bolt Play User Meow\bore four.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDLE COOL] C:\DOCUME~1\jarkko\APPLIC~1\DRVBUI~1\Warninsidemp3.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170270104421
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Ohjelmat\Bluetooth\BTNtService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Ohjelmat\Sygate\SPF\smc.exe

     
  11. Hujo

    Hujo Guest

    C:\HJT\HijackThis.exe.exe
    That's the right thing you renamed, but just name it "pommi".
     
  12. TeleHell

    TeleHell Regular member

    Oh, right :D..

    Logfile of HijackThis v1.99.1
    Scan saved at 11:37:35, on 17.2.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Ohjelmat\Sygate\SPF\smc.exe
    D:\Ohjelmat\Alwil Software\Avast4\aswUpdSv.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Ohjelmat\Bluetooth\BTNtService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashMaiSv.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\ATITool\ATITool.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\Pommi.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Ohjelmat\Advanced System Optimizer\IEHelper.dll
    O4 - HKLM\..\Run: [avast!] D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [usermeowdeletetype] C:\Documents and Settings\All Users\Application Data\Bolt Play User Meow\bore four.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDLE COOL] C:\DOCUME~1\jarkko\APPLIC~1\DRVBUI~1\Warninsidemp3.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170270104421
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Ohjelmat\Bluetooth\BTNtService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Ohjelmat\Sygate\SPF\smc.exe

     
  13. Hujo

    Hujo Guest

    Scan with HJT, tick these and press Fix checked

    O4 - HKLM\..\Run: [usermeowdeletetype] C:\Documents and Settings\All Users\Application Data\Bolt Play User Meow\bore four.exe
    O4 - HKCU\..\Run: [IDLE COOL] C:\DOCUME~1\jarkko\APPLIC~1\DRVBUI~1\Warninsidemp3.exe

     
  14. TeleHell

    TeleHell Regular member

    It's fixed; popups still come every time I open the internet.
    New log;


    Logfile of HijackThis v1.99.1
    Scan saved at 11:23:02, on 18.2.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Ohjelmat\Sygate\SPF\smc.exe
    D:\Ohjelmat\Alwil Software\Avast4\aswUpdSv.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Ohjelmat\Bluetooth\BTNtService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashMaiSv.exe
    D:\Ohjelmat\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\ATITool\ATITool.exe
    C:\Program Files\FirstClass\fcc32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\Pommi.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Ohjelmat\Advanced System Optimizer\IEHelper.dll
    O4 - HKLM\..\Run: [avast!] D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170270104421
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Ohjelmat\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Ohjelmat\Bluetooth\BTNtService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Ohjelmat\Sygate\SPF\smc.exe


     
  15. Hujo

    Hujo Guest

    Clean log
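The check that posts 13 to 15 carry out by eye, written as an added example that is not part of the original thread: it parses the O4 autorun lines of the logs from 17.2.2007 and 18.2.2007 and confirms that the two fixed entries are gone. The function names and the user-writable-directory heuristic are assumptions made for this illustration.

```python
import re

# O4 lines copied from the two HijackThis logs quoted in this thread:
# 17.2.2007 (before "Fix checked") and 18.2.2007 (after it).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [avast!] D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [usermeowdeletetype] C:\Documents and Settings\All Users\Application Data\Bolt Play User Meow\bore four.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDLE COOL] C:\DOCUME~1\jarkko\APPLIC~1\DRVBUI~1\Warninsidemp3.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [avast!] D:\Ohjelmat\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] D:\Ohjelmat\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
"""

# The two entry names the helper asked to have fixed in post 13.
FIXED_NAMES = {"usermeowdeletetype", "IDLE COOL"}

# "O4 - HKLM\..\Run: [name] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Startup: shortcut.lnk = target" (also "Global Startup")
STARTUP_RE = re.compile(
    r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Assumption (triage heuristic, not a verdict): autoruns launched from
# per-user data or temp directories deserve a closer look. The 8.3 short
# names (APPLIC~1, LOCALS~1) are matched as well as the long ones.
USER_WRITABLE_RE = re.compile(
    r"\\(application data|applic~\d|local settings|locals~\d|temp)\\",
    re.IGNORECASE)


def parse_o4(log_text):
    """Return {(location, name): command} for every O4 line in a log."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            location = m["hive"] + "\\" + m["key"]
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue  # not an O4 autorun line
            location = m["key"]
        entries[(location, m["name"])] = m["cmd"]
    return entries


def flag_user_writable(log_text):
    """Autorun entries whose command points into a user-writable directory."""
    return sorted(key for key, cmd in parse_o4(log_text).items()
                  if USER_WRITABLE_RE.search(cmd))


def compare(before_text, after_text, fixed_names):
    """Return (removed, added, still_present) between two logs."""
    before, after = parse_o4(before_text), parse_o4(after_text)
    removed = sorted(k for k in before if k not in after)
    added = sorted(k for k in after if k not in before)
    still_present = sorted(k for k in after if k[1] in fixed_names)
    return removed, added, still_present


if __name__ == "__main__":
    removed, added, still_present = compare(LOG_BEFORE, LOG_AFTER, FIXED_NAMES)
    print("flagged before fix:", flag_user_writable(LOG_BEFORE))
    print("removed by fix:    ", removed)
    print("new since fix:     ", added)
    print("fix did not stick: ", still_present)
```

An empty `still_present` list only shows that the autorun values are gone; the next post in the thread reports that the popups continued.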
     
  16. TeleHell

    TeleHell Regular member

    Hmm.. and still the crap just keeps coming :s.. what to do, I wonder.

    Since Escan doesn't find anything either, and neither does AVG. Are there any other good programs?
    By the way, this appeared after downloading a program called Bitgrabber, it just came to mind. I did remove it, and I cleaned the registry too
     
  17. Hujo

    Hujo Guest

    Run this one

    Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.zip and save it to your desktop.

    Boot your computer into Safe Mode and select your normal user account:
    • Start the computer
    • When you hear the computer beep, press F8, but before the Windows logo appears
    • Next a menu should appear
    • Select Safe Mode from the menu.

    • Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    • Open the SDFix folder and double-click the file RunThis.bat to start the program.
    • Press Y to start the script.
    • The tool cleans out the trojan's services and also makes some repairs to the registry. At the end it asks you to restart the computer, "Press any key to Reboot".
    • Press any key and the computer restarts.
    • Starting up takes longer than normal because SDFix is cleaning the computer.
    • When the computer has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
    • Then press any key to close the script and load the shortcuts onto the desktop.
    • Finally, open the SDFix folder (on the desktop) and copy & paste the contents of the file Report.txt into your thread together with a new HijackThis log.

    Also post


    • Open HijackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the option "Save list"
    • Copy and paste that list from Notepad into your post
     
    Last edited by a moderator: Feb 18, 2007
  18. TeleHell

    TeleHell Regular member

    SDFix;


    SDFix: Version 1.66

    Run by jarkko - su 18.02.2007 @ 15:58:14,95

    Microsoft Windows XP [versio 5.1.2600]

    Running From: C:\Documents and Settings\jarkko\Työpöytä\SDFix

    Safe Mode:
    Checking Services:

    Name:

    Path:


    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found...




    ADS Check:

    C:\WINDOWS\system32
    No streams found.


    Final Check:

    Remaining Services:
    ------------------


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Etätuki - Windows Messenger ja ääniyhteys"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
    "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "D:\\Ohjelmat\\Bluetooth\\BlueSoleil.exe"="D:\\Ohjelmat\\Bluetooth\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\WINDOWS\\Config\\explorer.exe"="C:\\WINDOWS\\Config\\explorer.exe:*:Enabled:Explorer"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\Config\\explorer.exe"="C:\\WINDOWS\\Config\\explorer.exe:*:Enabled:Explorer"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


    Remaining Files:
    ---------------



    Checking For Files with Hidden Attributes :

    C:\WINDOWS\system32\RO77E3.tmp.LOG
    C:\WINDOWS\system32\RO77E8.tmp.LOG
    C:\WINDOWS\system32\RO77EB.tmp.LOG
    C:\WINDOWS\system32\RO77F0.tmp.LOG
    C:\WINDOWS\system32\RO77F3.tmp.LOG
    C:\WINDOWS\system32\RO77F8.tmp.LOG
    C:\WINDOWS\system32\RO77FB.tmp.LOG
    C:\WINDOWS\system32\RO7800.tmp.LOG
    C:\WINDOWS\system32\RO7803.tmp.LOG
    C:\WINDOWS\system32\RO7808.tmp.LOG
    C:\WINDOWS\system32\RO780B.tmp.LOG
    C:\WINDOWS\system32\RO7810.tmp.LOG
    C:\WINDOWS\system32\ROC30B.tmp.LOG
    C:\WINDOWS\system32\ROC310.tmp.LOG
    C:\WINDOWS\system32\ROC313.tmp.LOG
    C:\WINDOWS\system32\ROC318.tmp.LOG
    C:\WINDOWS\system32\ROC31B.tmp.LOG
    C:\WINDOWS\system32\ROC320.tmp.LOG
    C:\WINDOWS\system32\ROC323.tmp.LOG
    C:\WINDOWS\system32\ROC328.tmp.LOG
    C:\WINDOWS\system32\ROC32B.tmp.LOG
    C:\WINDOWS\system32\ROC330.tmp.LOG
    C:\WINDOWS\system32\ROC333.tmp.LOG
    C:\WINDOWS\system32\ROC338.tmp.LOG

    Add/Remove Programs List:

    AC3Filter (remove only)
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe Photoshop 7.0
    Adobe Shockwave Player
    ATI - Software Uninstall Utility
    ATI Display Driver
    ATITool Overclocking Utility
    avast! Antivirus
    AVG Anti-Spyware 7.5
    BitComet 0.70
    Brothers In Arms
    Brothers In Arms EiB
    BSPlayer
    CCleaner (remove only)
    DC++ 0.691
    eMule Plus 1.2
    EVEREST Ultimate Edition v2.50
    Express Rip Uninstall
    ffdshow [rev 770] [2007-01-13]
    HijackThis 1.99.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Windows Internet Explorer 7
    PowerQuest PartitionMagic 8.0 Demo
    Age of Empires III
    Call of Duty(R) 2
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 Language Pack - FIN
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0:n suomen kielipaketti
    Mozilla Firefox (2.0.0.1)
    Nero 6 Enterprise Edition
    NetLimiter 1.30 (remove only)
    Microsoft National Language Support Downlevel APIs
    PeerGuardian 2.0
    PowerISO
    Logitech® Camera -ohjain
    QuickTime
    Bulent's Screen Recorder
    Subtitle Workshop 2.51
    Creative System Information
    VideoLAN VLC media player 0.8.5
    VobSub v2.23 (Remove Only)
    WavePad Uninstall
    Windows Imaging Component
    Winamp (remove only)
    Windows Media Format Runtime
    Windows Media Player 10
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    XML Paper Specification Shared Components Language Pack 1.0
    Microsoft .NET Framework 3.0 Finnish Language Pack
    WinXP Manager
    Sound Blaster Audigy
    Multimedia Launcher
    Creative MediaSource
    Logitech SetPoint
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 7
    DAEMON Tools
    Windows Communication Foundation Language Pack - FIN
    Microsoft .NET Framework 1.1 Finnish Language Pack
    Windows Communication Foundation
    O&O Defrag Professional Edition
    FirstClass® Client
    Advanced System Optimizer 2.01
    PartitionMagic
    WinXP Manager
    Microsoft .NET Framework 2.0
    Age of Empires III
    Windows Workflow Foundation
    TuneUp Utilities 2006
    Windows Workflow Foundation FI Language Pack
    Microsoft Office XP Professional ja FrontPage
    Windows Presentation Foundation Language Pack (FIN)
    Windows Messenger 5.1
    Microsoft .NET Framework 3.0
    Apple Software Update
    Microsoft .NET Framework 2.0 Language Pack - FIN
    Adobe Reader 7.0.9
    ATI Catalyst Control Center
    DVD Solution
    Windows Presentation Foundation
    ConvertXtoDVD 2.0.11
    Microsoft .NET Framework 1.1
    Call of Duty(R) 2
    Windows Live Messenger
    BlueSoleil
    Sygate Personal Firewall
    EasyCleaner
    Realtek AC'97 Audio

    Finished






    HJT;
    AC3Filter (remove only)
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe Photoshop 7.0
    Adobe Reader 7.0.9
    Adobe Shockwave Player
    Advanced System Optimizer 2.01
    Age of Empires III
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATITool Overclocking Utility
    avast! Antivirus
    AVG Anti-Spyware 7.5
    BitComet 0.70
    BlueSoleil
    Brothers In Arms
    Brothers In Arms EiB
    BSPlayer
    Bulent's Screen Recorder
    Call of Duty(R) 2
    CCleaner (remove only)
    ConvertXtoDVD 2.0.11
    Creative MediaSource
    Creative System Information
    DAEMON Tools
    DC++ 0.691
    DVD Solution
    EasyCleaner
    eMule Plus 1.2
    EVEREST Ultimate Edition v2.50
    Express Rip Uninstall
    ffdshow [rev 770] [2007-01-13]
    FirstClass® Client
    HijackThis 1.99.1
    Hotfix-päivitys Windows XP:lle (KB914440)
    Hotfix-päivitys Windows XP:lle (KB915865)
    Hotfix-päivitys Windows XP:lle (KB928388)
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 7
    Logitech SetPoint
    Logitech® Camera -ohjain
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Finnish Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 Language Pack - FIN
    Microsoft .NET Framework 2.0 -tuotteen Security Update (KB917283)
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0 Finnish Language Pack
    Microsoft .NET Framework 3.0:n suomen kielipaketti
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional ja FrontPage
    Mozilla Firefox (2.0.0.1)
    MSXML 6.0 Parser (KB927977)
    Multimedia Launcher
    Nero 6 Enterprise Edition
    NetLimiter 1.30 (remove only)
    O&O Defrag Professional Edition
    PeerGuardian 2.0
    PowerISO
    PowerQuest PartitionMagic 8.0 Demo
    Päivitys Windows XP:lle (KB894391)
    Päivitys Windows XP:lle (KB898461)
    Päivitys Windows XP:lle (KB900485)
    Päivitys Windows XP:lle (KB904942)
    Päivitys Windows XP:lle (KB908531)
    Päivitys Windows XP:lle (KB910437)
    Päivitys Windows XP:lle (KB916595)
    Päivitys Windows XP:lle (KB920872)
    Päivitys Windows XP:lle (KB922582)
    Päivitys Windows XP:lle (KB925720)
    Päivitys Windows XP:lle (KB925876)
    Päivitys Windows XP:lle (KB931836)
    QuickTime
    Realtek AC'97 Audio
    Sound Blaster Audigy
    Subtitle Workshop 2.51
    Suojauspäivitys ohjelmistolle Windows XP (KB923689)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB928090)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB929969)
    Suojauspäivitys Windows Media Player 10:lle (KB917734)
    Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
    Suojauspäivitys Windows Media Player 9:lle (KB917734)
    Suojauspäivitys Windows Media Playerille (KB911564)
    Suojauspäivitys Windows XP:lle (KB890046)
    Suojauspäivitys Windows XP:lle (KB893756)
    Suojauspäivitys Windows XP:lle (KB896358)
    Suojauspäivitys Windows XP:lle (KB896422)
    Suojauspäivitys Windows XP:lle (KB896423)
    Suojauspäivitys Windows XP:lle (KB896424)
    Suojauspäivitys Windows XP:lle (KB896428)
    Suojauspäivitys Windows XP:lle (KB899587)
    Suojauspäivitys Windows XP:lle (KB899591)
    Suojauspäivitys Windows XP:lle (KB900725)
    Suojauspäivitys Windows XP:lle (KB901017)
    Suojauspäivitys Windows XP:lle (KB901214)
    Suojauspäivitys Windows XP:lle (KB902400)
    Suojauspäivitys Windows XP:lle (KB904706)
    Suojauspäivitys Windows XP:lle (KB905414)
    Suojauspäivitys Windows XP:lle (KB905749)
    Suojauspäivitys Windows XP:lle (KB908519)
    Suojauspäivitys Windows XP:lle (KB911280)
    Suojauspäivitys Windows XP:lle (KB911562)
    Suojauspäivitys Windows XP:lle (KB911567)
    Suojauspäivitys Windows XP:lle (KB911927)
    Suojauspäivitys Windows XP:lle (KB912919)
    Suojauspäivitys Windows XP:lle (KB913433)
    Suojauspäivitys Windows XP:lle (KB913580)
    Suojauspäivitys Windows XP:lle (KB914388)
    Suojauspäivitys Windows XP:lle (KB914389)
    Suojauspäivitys Windows XP:lle (KB916281)
    Suojauspäivitys Windows XP:lle (KB917159)
    Suojauspäivitys Windows XP:lle (KB917344)
    Suojauspäivitys Windows XP:lle (KB917422)
    Suojauspäivitys Windows XP:lle (KB917953)
    Suojauspäivitys Windows XP:lle (KB918118)
    Suojauspäivitys Windows XP:lle (KB918439)
    Suojauspäivitys Windows XP:lle (KB918899)
    Suojauspäivitys Windows XP:lle (KB919007)
    Suojauspäivitys Windows XP:lle (KB920213)
    Suojauspäivitys Windows XP:lle (KB920214)
    Suojauspäivitys Windows XP:lle (KB920670)
    Suojauspäivitys Windows XP:lle (KB920683)
    Suojauspäivitys Windows XP:lle (KB920685)
    Suojauspäivitys Windows XP:lle (KB921398)
    Suojauspäivitys Windows XP:lle (KB921883)
    Suojauspäivitys Windows XP:lle (KB922616)
    Suojauspäivitys Windows XP:lle (KB922760)
    Suojauspäivitys Windows XP:lle (KB923191)
    Suojauspäivitys Windows XP:lle (KB923694)
    Suojauspäivitys Windows XP:lle (KB923980)
    Suojauspäivitys Windows XP:lle (KB924191)
    Suojauspäivitys Windows XP:lle (KB924270)
    Suojauspäivitys Windows XP:lle (KB924667)
    Suojauspäivitys Windows XP:lle (KB925486)
    Suojauspäivitys Windows XP:lle (KB926255)
    Suojauspäivitys Windows XP:lle (KB926436)
    Suojauspäivitys Windows XP:lle (KB927779)
    Suojauspäivitys Windows XP:lle (KB927802)
    Suojauspäivitys Windows XP:lle (KB928255)
    Suojauspäivitys Windows XP:lle (KB928843)
    Sygate Personal Firewall
    TuneUp Utilities 2006
    WavePad Uninstall
    VideoLAN VLC media player 0.8.5
    Winamp (remove only)
    Windows Communication Foundation
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format Runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 10
    Windows Messenger 5.1
    Windows Presentation Foundation
    Windows Presentation Foundation Language Pack (FIN)
    Windows Workflow Foundation
    Windows Workflow Foundation FI Language Pack
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    WinXP Manager
    WinXP Manager
    VobSub v2.23 (Remove Only)
    XML Paper Specification Shared Components Language Pack 1.0

     
  19. Hujo

    Hujo Guest

    Uninstall these through Add/Remove Programs

    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 7

    EasyCleaner


    Let's have a look with this

    Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file opens that lists the infected files (if there are any).
    Post the contents of this text file in your thread.

    Note: the process.exe file is detected by some anti-virus programs (AntiVir, Dr.Web, Kaspersky) as a "harmful tool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.

     
  20. TeleHell

    TeleHell Regular member

    Do you mean with HJT, and Delete this entry? Or something else.

    And here is smitfraud;

    SmitFraudFix v2.142

    Scan done at 19:21:37,56, su 18.02.2007
    Run from C:\Documents and Settings\jarkko\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jarkko


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jarkko\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jarkko\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
    Last edited: Feb 18, 2007
