SPYWARE INFECTION

Udde · Jan 26, 2006

Samanlaisia ongelmia löyty muiltakin. Sen verran ymmärsin muista viesteistä, että lähetä tämä lista teille jos joku vois sen teistä
tarkistaa.
Ja kertoa mitä seuraavaksi?

Logfile of HijackThis v1.99.1
Scan saved at 9:27:44, on 27.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\winstall.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Ecom3\IB\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Ecom3\IB\bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assis...rce=wdz3&utm_medium=bund&utm_campaign=wdz0805
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assis...rce=wdz3&utm_medium=bund&utm_campaign=wdz0805
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://order.kagi.com/?47D
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll (file missing)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft LSASS Network File] C:\WINDOWS\system32\KLSASS.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104953927733
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Ecom3\IB\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Ecom3\IB\bin\ibserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\psimsvc.exe

aaxxeell · Jan 26, 2006

Putsataan tuota hjt loki alkuun..

Hae ewido
-> http://keskustelu.afterdawn.com/thread_view.cfm/269186
Päivitä ohjeiden mukaan mutta älä aja vielä.

<<<<<<<<<<<<<<<<<<<<<<<<<Avaa vikasietotila>>>>>>>>>>>>>>>>>>>>>>>>>>
(Naputtele f8 käynnistymisen yhteydessä ja valitse vikasietotila)

Laita se ruksi ewidon asetuksissa "Scan all files"
Aja nyt koko kone ja lähetä ohjeiden mukaan ewidon raportti tänne.

Udde · Jan 27, 2006

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 14:34:54, 27.1.2006
+ Report-Checksum: AED42A4A

+ Scan result:

HKU\S-1-5-21-1957994488-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-1957994488-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\\NoChangingWallpaper -> Trojan.Small : Cleaned with backup
HKU\S-1-5-21-1957994488-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\\NoComponents -> Trojan.Small : Cleaned with backup
HKU\S-1-5-21-1957994488-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\\NoAddingComponents -> Trojan.Small : Cleaned with backup
HKU\S-1-5-21-1957994488-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\\NoDeletingComponents -> Trojan.Small : Cleaned with backup
HKU\S-1-5-21-1957994488-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\\NoEditingComponents -> Trojan.Small : Cleaned with backup
HKU\S-1-5-21-1957994488-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\\NoHTMLWallPaper -> Trojan.Small : Cleaned with backup
HKU\S-1-5-21-1957994488-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktop -> Trojan.Small : Cleaned with backup
HKU\S-1-5-21-1957994488-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ForceActiveDesktopOn -> Trojan.Small : Cleaned with backup
HKU\S-1-5-21-1957994488-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System\\Wallpaper -> Trojan.Small : Cleaned with backup
HKU\S-1-5-21-1957994488-113007714-839522115-1004\Software\SNO2 -> Adware.SpySheriff : Cleaned with backup
[784] c:\program files\common files\microsoft shared\web folders\ibm00001.dll -> Logger.Agent.jo : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.fusk-access : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.500:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.552:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.626:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.627:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.720:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Ne : Cleaned with backup
:mozilla.831:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.832:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Adocean : Cleaned with backup
:mozilla.834:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.841:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Tfag : Cleaned with backup
:mozilla.850:C:\Documents and Settings\Atte\Application Data\Mozilla\Firefox\Profiles\33728500.default\cookies.txt -> Spyware.Cookie.Adition : Cleaned with backup
C:\Documents and Settings\Atte\Local Settings\Temp\ASearchAssist.dll -> Adware.Agent : Cleaned with backup
C:\Documents and Settings\Atte\Local Settings\Temporary Internet Files\Content.IE5\8DWHA3KP\kl[1].txt -> Logger.Small.dg : Cleaned with backup
C:\Documents and Settings\Atte\Local Settings\Temporary Internet Files\Content.IE5\8LGVGZKF\country[1].htm -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Atte\Local Settings\Temporary Internet Files\Content.IE5\A5KFIL25\tool2[1].txt -> Not-A-Virus.Hoax.Win32.Renos.av : Cleaned with backup
C:\Documents and Settings\Atte\Local Settings\Temporary Internet Files\Content.IE5\IX1QVIHC\paytime[1].txt -> Hijacker.StartPage.agp : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-1.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-10.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-11.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-12.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-13.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-14.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-15.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-16.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-17.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-18.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-19.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-2.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-20.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-21.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-22.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-23.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-24.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-25.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-26.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-27.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-28.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-29.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-3.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-4.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-5.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-6.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-7.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-8.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies-9.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Riikka\Application Data\Mozilla\Firefox\Profiles\8h64gtqb.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Logger.Agent.jo : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe -> Logger.Agent.jl : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Agent.jo : Cleaned with backup
C:\WINDOWS\country.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\kl.exe -> Logger.Small.dg : Cleaned with backup
C:\WINDOWS\system32\paytime.exe -> Hijacker.StartPage.agp : Cleaned with backup
C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.av : Cleaned with backup
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.av : Cleaned with backup

::Report End

aaxxeell · Jan 27, 2006

Ewidon raportti ok. Unohdin mainita että uusi hjt loki viel lähdetään se puhdistamaan sitten.

Udde · Jan 27, 2006

Logfile of HijackThis v1.99.1
Scan saved at 15:02:14, on 27.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Ecom3\IB\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Ecom3\IB\bin\ibserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assis...rce=wdz3&utm_medium=bund&utm_campaign=wdz0805
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assis...rce=wdz3&utm_medium=bund&utm_campaign=wdz0805
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://order.kagi.com/?47D
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll (file missing)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft LSASS Network File] C:\WINDOWS\system32\KLSASS.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104953927733
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Ecom3\IB\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Ecom3\IB\bin\ibserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\psimsvc.exe

Tonski · Jan 27, 2006

Taisi tuo lokin fixaus jäädä tieltä... Poista tämä ohjauspaneelista jos löytyy:

Accoona SearchAssistant (Tai joku vastaavan oloinen)

Sitten fixaa nämä:

R3 - Default URLSearchHook is missing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant....
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant....
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - C:\Program Files\Accoona\atoolbar.dll (file missing)
O4 - Startup: PowerReg Scheduler V3.exe

Sitten käynnistä kone uudelleen ja lähetä uusi loki.

Udde · Jan 27, 2006

Ohjauspaneelista: Lisää poista sovellus?
Fixaa?? En oikeen ymmärrä, helkutin vaikeita
käyttää nää pirunmyllyt.

Tonski · Jan 27, 2006

Siis kun HijackThis on skannannut niin siihen tulee nuo kohdat muiden joukossa. Vasemmalla on tyhjiä neliöitä tietyn rivin kohdalla. Noiden rivien kohdalla pistät raksin ruutuun ja kun olet kaikkien noiden kohdalle sen raksin pistänyt niin painat alhaalta nappulaa [bold]Fix checked[/bold]. Sitten mene ohjauspaneeliin ja ota sieltä lisää/poista-sovellus. Etsi sieltä tuo [bold]Accoona SearchAssistant[/bold] (Nimen välissä/perässä voi olla jotain mutta jos tuo lukee niin poista se) ja poista se sitä kautta. Sitten käynnistä se kone uudelleen ja lähetä uusi loki.

Udde · Jan 27, 2006

Logfile of HijackThis v1.99.1
Scan saved at 15:56:47, on 27.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Ecom3\IB\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Ecom3\IB\bin\ibserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://order.kagi.com/?47D
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft LSASS Network File] C:\WINDOWS\system32\KLSASS.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104953927733
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Ecom3\IB\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Ecom3\IB\bin\ibserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\psimsvc.exe

Accoona SearchAssistant ei löytynyt

Tonski · Jan 27, 2006

No poista ainakin kansio tästä tiedostopolusta:

C:\Program Files\[bold]Accoona[/bold]\ASearchAssist.dll

Tuo Accoona joutaa mäkeen.

Udde · Jan 27, 2006

Tehty, oiskos nyt kaikki suunnilleen kunnos.
Kiitoksia oikein paljon.

Tonski · Jan 27, 2006

*poistettu*

aaxxeell · Jan 27, 2006

Eihän se spyware Infection mihinkään lähtenyt vissiin?

Tonski · Jan 27, 2006

Eikun nyt teinkin aloittelijamaisen virheen, eli fixaa myös nämä:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

Aseta piilotiedostot näkyviin, ohje tulee tässä:

* Klikkaa Käynnistä.
* Avaa Oma Tietokone.
* Valitse Työkalut ylämenusta ja klikkaa Kansion asetukset.
* Valitse Näytä välilehti.
* Piilotiedostot/kansiot kohdalla valitse Näytä piilotetut tiedostot ja kansiot.
* Poista rasti ruudusta -> Piilota suojatut käyttöjärjestelmätiedostot
* Klikkaa Kyllä varmistaaksesi muutokset.
* Klikkaa OK.

Ja sitten poista nuo secure32 tiedostot tuolta tiedostopolusta joka on: c:\secure32.html eli suoraan C-asemasta poistat kaikki löytyvät [bold]secure32.html[/bold] tiedostot.

Mene Ohjauspaneelin lisää/poista toimintoon ja etsi sieltä sellainen ohjelma kuin Avast. Poista se ja kaikki joissa esiintyy tuo Avast-nimi.

Sen jälkeen käynnistä kone uudelleen ja lähetä uusi loki. Jos ei tuo Avast ohjauspaneelipoiston kautta lähtenyt niin annan lisäohjeita.

Udde · Jan 27, 2006

secure32 tiedostot poistettu. Miksi Avast pitäisi poistaa eikös se ole joku virusten torjunta ohjelma? Mun muistaakseni kaveri asenti jonku sellasen ku ois pitäny uusia sopimus pandan kans.

aaxxeell · Jan 28, 2006

Udde Lähtikö se spyware infection teksti?

Sinullahan on Panda Platinum joka sisältää virustorjunnan, kaksi virustorjuntaohjelmaa (Panda + Avast) sekoittaa konetta. Oletko varma että käytät molempia?

Udde · Jan 28, 2006

Kyllä lähti spyware teksti. Panda:sta loppu lisenssi ja se rupes sekoilemaan ni siksi avast. Nyt pitäis olla panda pois käytöstä.

aaxxeell · Jan 28, 2006

Selvä mutta nythän sinulta taas puuttuu palomuuri.
Ettei teksti tulisi äkkiä takaisin ja vähän muuta niin
käy ihmeessä hakemassa yksi ilmainen.
- Zone Alarm http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp
- Kerio Personal Firewall http://www.sunbelt-software.com/Kerio-Download.cfm
- Outpost Firewall http://www.agnitum.com/products/outpostfree/download.php
- Comodo Personal Firewall http://www.personalfirewall.comodo.com/
- Jetico Personal firewall http://www.jetico.com/

Muutoin ok.

Udde · Jan 29, 2006

Palomuuri hoidossa Zone Alarm.
Kiitos, tästä oli paljo apua.

aaxxeell · Jan 29, 2006

Hienoa, ole hyvä vaan

Log in or Sign up

SPYWARE INFECTION

Udde Member

aaxxeell Regular member

Udde Member

aaxxeell Regular member

Udde Member

Tonski Regular member

Udde Member

Tonski Regular member

Udde Member

Tonski Regular member

Udde Member

Tonski Regular member

aaxxeell Regular member

Tonski Regular member

Udde Member

aaxxeell Regular member

Udde Member

aaxxeell Regular member

Udde Member

aaxxeell Regular member

Share This Page

Log in or Sign up

SPYWARE INFECTION

Udde Member

aaxxeell Regular member

Udde Member

aaxxeell Regular member

Udde Member

Tonski Regular member

Udde Member

Tonski Regular member

Udde Member

Tonski Regular member

Udde Member

Tonski Regular member

aaxxeell Regular member

Tonski Regular member

Udde Member

aaxxeell Regular member

Udde Member

aaxxeell Regular member

Udde Member

aaxxeell Regular member

Share This Page

Useful Searches