Computer won't start

Discussion in 'Virukset ja haittaohjelmat' (Viruses and malware) started by typ0, May 22, 2007.

  1. typ0

    typ0 Regular member

    Joined:
    Mar 29, 2006
    Messages:
    157
    Likes Received:
    0
    Trophy Points:
    26
    Yeah, I guess some virus got onto the computer recently. An icon appeared next to the clock, a white X on a red background, and it complained something like "Spyware detected, download antivirus program." Then I restarted the computer, and when it started up a blue screen appeared with white text saying roughly "Windows failed to start", and at the end something like "physical hardware check complete", and it froze there. I shut the computer down and tried to start it again, but the computer wouldn't start; the fan hums, but the monitor only says no signal. What should I do, or should I just take the computer in for warranty service?
    edit: move this if it's in the wrong section.
     
    Last edited: May 22, 2007
  2. Auttaja

    Auttaja Guest

    It's the right section, that's smitfraud there; now how to get it to boot :| have you tried tapping F8 at startup?
     
  3. typ0

    typ0 Regular member

    Great, the computer doesn't even start anymore :S
     
  4. Auttaja

    Auttaja Guest

    Ask over in the Windows problems section what they come up with, it sounds a bit like a hardware fault (plus malware).
     
  5. typ0

    typ0 Regular member

    OK, now the computer started, but it gets stuck between the Windows logo and the login screen. What do I do?
     
  6. kelari

    kelari Regular member

    Joined:
    Jul 26, 2006
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    26
    Keep tapping F8 so you get into safe mode.
     
  7. typ0

    typ0 Regular member

    OK, I got into safe mode. If it really is that smitfraud, how do I remove it?
    Edit: I went into safe mode, but at the login screen a message came up that the system is shutting down. It gives 50 seconds and also tells me to save all unfinished work, and at the end there was something like shutdown initiated by NT-HALLINTA/SYSTEM. What can I do?
     
    Last edited: May 23, 2007
  8. Auttaja

    Auttaja Guest

    if you can get into safe mode, here are instructions

    Download SmitfraudFix (by S!Ri) to your desktop.


    Print out these instructions or save them to a text file.

    Boot your computer into safe mode and choose your normal user account.


    Once in safe mode, double-click the file SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and pressing "Enter" to remove the desktop background and clean the infected registry keys.

    The tool will check whether wininet.dll is infected. You may be prompted to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart your computer; if it doesn't, reboot into normal Windows.
    A text file will appear after the cleaning process; copy & paste the contents of that report into your reply.
    The report can be found on your local drive, usually at C:\rapport.txt.

     
    Last edited by a moderator: May 23, 2007
  9. typ0

    typ0 Regular member

    This is driving me nuts. When I get into safe mode it keeps nagging the same thing the whole time: "The system is shutting down blah blah blah, initiated by (or something like that) NT-HALLINTA/SYSTEM". Then a countdown appears, 60 seconds. Then at the end of the warning box it says "Message - Windows must restart because the DCOM server (there were a couple more words here) system service terminated unexpectedly."
     
    Last edited: May 23, 2007
  10. Auttaja

    Auttaja Guest

    hmm, have you already asked for initial help over in Windows problems?
     
  11. typ0

    typ0 Regular member

    OK, I got into safe mode and here's the report. I accidentally ran that smitfraud thing 2 times, so I don't know whether that affects the report somehow. I'll also attach the hjt log so that all the junk gets cleaned out at the same time.

    ==========
    SmitFraudFix v2.186

    Scan done at 23:38:13,26, ke 23.05.2007
    Run from D:\Documents and Settings\Temes\Ty”p”yt„\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    ==========

    Logfile of HijackThis v1.99.1
    Scan saved at 10:03:05, on 24.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\aspimgr.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ServicePackFiles\services.exe
    C:\WINDOWS\ServicePackFiles\services.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\TEMP\win94.tmp.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\TEMP\win96.tmp.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jonneweb.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {27784E9B-66F4-47EE-A7BF-F80994BF4CDB} - C:\WINDOWS\system32\fccbcab.dll
    O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SManager] smanager.7.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxof.dll,startup
    O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
    O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{50D0E0B9-218B-4EFA-A131-6E6B79354BED}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD548C5-1EDB-4AEE-B53B-AD8DBDE5F678}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE738E05-0F03-494F-9A55-B36CF80991ED}: NameServer = 143.166.82.252
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
    O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
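
Added example (my own code, not part of typ0's post and not a HijackThis feature): a small Python triage script that applies the kind of checks a helper does by eye on the HijackThis log above. The sample lines are excerpted from that log plus a few benign entries; the rules (process or autorun target in a TEMP directory, a core Windows binary name running outside system32, a Run entry with no path, an alternate data stream used as a service binary, orphaned "(file missing)" O20/O23 entries, O17 DNS overrides, O21 SSODL entries, unnamed BHOs backed by an existing DLL) are my own review heuristics, and the output is a list of leads for a human, not verdicts.

```python
import re
from dataclasses import dataclass

# Sample entries excerpted from the HijackThis log in this thread, plus a few benign
# lines so the rules can be seen not firing. Constructed for offline use.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\ServicePackFiles\services.exe
C:\WINDOWS\TEMP\win94.tmp.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {27784E9B-66F4-47EE-A7BF-F80994BF4CDB} - C:\WINDOWS\system32\fccbcab.dll
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Core Windows binaries that legitimately run only from the system directory.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
SECTION = re.compile(r"^(R\d|O\d+) - ")       # HJT entry tag, e.g. 'O4 - '
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.I)   # a line from the running-process list


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section tag, or "process" for the running-process list
    reason: str
    detail: str


def _target(entry, section):
    """Best-effort extraction of the command or file an HJT entry points at."""
    if section == "O4" and "]" in entry:          # 'O4 - ...\Run: [name] command'
        return entry.split("]", 1)[1].strip()
    return entry.rsplit(" - ", 1)[-1].strip()     # '... - {CLSID} - path' / '... - owner - path'


def _basename(target):
    first = target.split(" ", 1)[0]               # drop arguments and '(file missing)'
    return first.rsplit("\\", 1)[-1].lower()


def triage_entry(line):
    """Apply simple, explainable review rules to one HJT line; returns a list of Findings."""
    line = line.strip()
    m = SECTION.match(line)
    section = m.group(1) if m else "process"
    target = _target(line, section) if m else line
    low = target.lower()
    name = _basename(target)
    findings = []
    if "\\temp\\" in low:
        findings.append(Finding(section, "runs from a TEMP directory", target))
    if name in SYSTEM_BINARIES and not SYSTEM_DIR.match(target.split(" ", 1)[0]):
        findings.append(Finding(section, "core binary name %s outside system32" % name, target))
    if section == "O4" and "\\" not in target:
        findings.append(Finding(section, "Run entry without a full path", target))
    if re.search(r"\.exe:[^\\\s]+$", low):
        findings.append(Finding(section, "alternate data stream as service binary", target))
    if section in ("O20", "O23") and "(file missing)" in low:
        findings.append(Finding(section, "orphaned entry, file missing (likely remnant)", target))
    if section == "O17":
        findings.append(Finding(section, "DNS server override, verify against ISP/router",
                                line.rsplit("=", 1)[-1].strip()))
    if section == "O21":
        findings.append(Finding(section, "SSODL shell extension, rarely legitimate", target))
    if section == "O2" and "(no name)" in line and "(no file)" not in low:
        findings.append(Finding(section, "unnamed BHO with an existing DLL", target))
    return findings


def triage_log(text):
    """Run triage_entry over every HJT entry or running-process line in a log."""
    findings = []
    for raw in text.splitlines():
        raw = raw.strip()
        if SECTION.match(raw) or DRIVE_PATH.match(raw):
            findings.extend(triage_entry(raw))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print("%-8s %-48s %s" % (f.section, f.reason, f.detail))
```

Every line it prints is something to look up, not something to delete: the O17 NameServer address, for instance, may simply be the ISP's or the PC vendor's resolver, which is why the script reports the address for checking instead of calling it malicious. The ADS rule fires on the ICF service entry above (a service binary named `svchost.exe:exe.exe`), which is exactly the kind of thing that is invisible in Explorer and easy to skip when reading the log by hand.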

     
  12. Auttaja

    Auttaja Guest

    Download VundoFix.exe to your desktop.
    *Double-click VundoFix.exe to run it.
    *Click the Scan for Vundo button.
    *When the scan is complete, click the Remove Vundo button.
    *You will be asked whether you want to remove the files - click YES.
    *Once you click yes, your desktop will go blank as it starts removing Vundo.
    *When it is done, the fix will tell you to restart your computer; click OK.



    Note: It is possible that VundoFix found a file it could not remove.
    In that case, VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo button." when VundoFix appears after the restart.

    ==========

    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool is finished, it will produce a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. That may cause the program to hang.

    Post a new HijackThis log along with the contents of this file, C:\vundofix.txt, and the contents of (C:\ComboFix.txt)
     
    Last edited by a moderator: May 23, 2007
  13. typ0

    typ0 Regular member

    OK, here it is:

    ==========

    Logfile of HijackThis v1.99.1
    Scan saved at 15:42:48, on 24.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\aspimgr.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\TEMP\winF1.tmp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jonneweb.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SManager] smanager.7.exe
    O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
    O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{50D0E0B9-218B-4EFA-A131-6E6B79354BED}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD548C5-1EDB-4AEE-B53B-AD8DBDE5F678}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE738E05-0F03-494F-9A55-B36CF80991ED}: NameServer = 143.166.82.252
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
    O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
    O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
    O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

    ==========

    "Temes" - 2007-05-24 14:46:55 Service Pack 2
    ComboFix 07-05.24.4.V - Running from: "D:\Documents and Settings\Temes\Ty”p”yt„\"

    Rootkit driver pe386 is present. ... attempting disinfection
    pe386 ...... driver unloaded successfully.
    ADS removed - system32: deleted 145160 bytes in 2 streams.

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\WINDOWS\system32\alt.exe.exe"
    "C:\WINDOWS\system32\pee.exe.exe"
    "C:\WINDOWS\servicepackfiles\522124519.dll"
    "C:\WINDOWS\servicepackfiles\services.exe"
    "C:\WINDOWS\servicepackfiles\www.google.com\favicon.ico"
    "C:\WINDOWS\servicepackfiles\www.google.com\index.html"
    "C:\WINDOWS\servicepackfiles\www.google.com\thank.html"
    "C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp0.gif"
    "C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp1.gif"
    "C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp2.gif"
    "C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp3.gif"
    "C:\WINDOWS\system32\arcac.exe"
    "C:\WINDOWS\system32\v7.exe"
    "C:\WINDOWS\system32\wincom32.ini"
    "C:\WINDOWS\system32\wincom32.sys"
    "C:\WINDOWS\system32\winsub.xml"
    "C:\i"
    "C:\install.log"
    "C:\WINDOWS\s32.txt"
    "C:\WINDOWS\servicepackfiles\free.exe"
    "C:\WINDOWS\winvip.exe"
    "C:\WINDOWS\ws386.ini"
    "C:\WINDOWS\ServicePackFiles\killer.exe"
    "C:\WINDOWS\ServicePackFiles\socks.exe"
    "C:\WINDOWS\system32\lzx32.sys"
    "C:\WINDOWS\servicepackfiles\www.google.com"
    "C:\WINDOWS\system32\setlink.dll"
    "C:\WINDOWS\system32\ksl48.bin"
    "C:\WINDOWS\system32\xartcd5.dll"
    "C:\WINDOWS\system32\xartcd7.sys"
    "C:\WINDOWS\system32\windev-3c52-2083.sys"
    "C:\WINDOWS\system32\windev-peers.ini"


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_ICF
    -------\LEGACY_WINCOM32
    -------\LEGACY_XARTCD7
    -------\ICF
    -------\xartcd7
    -------\windev-3c52-2083


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))


    2007-05-24 14:18 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2007-05-24 13:57 <KANSIO> d-------- C:\VundoFix Backups
    2007-05-24 10:00 93,696 --a------ C:\WINDOWS\system32\drvxof.dll
    2007-05-23 23:22 970 --a------ C:\WINDOWS\system32\tmp.reg
    2007-05-22 15:48 133,684 --a------ C:\WINDOWS\system32\alt.exe
    2007-05-22 15:45 46,080 --a------ D:\DOCUME~1\ALLUSE~1\APPLIC~1\fkjwfeds.exe
    2007-05-22 15:44 9,216 --a------ C:\ecri.exe
    2007-05-22 15:44 82,944 --a------ C:\cwainda.exe
    2007-05-22 15:44 61,440 --a------ C:\WINDOWS\system32\aspimgr.exe
    2007-05-22 15:44 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
    2007-05-22 15:43 93,696 --a------ C:\WINDOWS\system32\drvpev.dll
    2007-05-22 15:43 18,944 --a------ C:\WINDOWS\system32\winmfu32.dll
    2007-05-21 19:56 <KANSIO> d-------- D:\DOCUME~1\Temes\APPLIC~1\Sonic Foundry
    2007-05-21 19:55 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
    2007-05-21 19:55 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
    2007-05-21 19:55 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
    2007-05-21 19:55 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
    2007-05-21 19:55 <KANSIO> d-------- C:\Program Files\Sonic Foundry Setup
    2007-05-21 19:55 <KANSIO> d-------- C:\Program Files\Sonic Foundry
    2007-05-20 22:34 <KANSIO> d-------- C:\Program Files\Kreatives.org
    2007-05-17 14:30 <KANSIO> d-------- D:\DOCUME~1\Temes\APPLIC~1\fretsonfire
    2007-05-16 15:02 <KANSIO> d-------- C:\Program Files\Common Files\NSV
    2007-05-15 16:07 <KANSIO> d-------- D:\DOCUME~1\Temes\APPLIC~1\Nokia Multimedia Player
    2007-05-15 15:53 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2007-05-15 15:53 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2007-05-15 15:51 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2007-05-15 15:51 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2007-05-15 15:51 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2007-05-15 15:51 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2007-05-15 15:51 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2007-05-15 15:51 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2007-05-15 15:42 <KANSIO> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    2007-05-13 18:52 73,728 --a------ C:\WINDOWS\system\WS2_32.DLL
    2007-05-13 18:51 <KANSIO> d-------- C:\Program Files\Yahoo!
    2007-05-13 14:52 152,576 --a------ C:\WINDOWS\system\CNCS32.DLL
    2007-05-12 22:24 <KANSIO> d-------- D:\DOCUME~1\Temes\APPLIC~1\Orbit
    2007-05-12 22:24 <KANSIO> d-------- C:\Program Files\Orbitdownloader
    2007-05-12 15:57 <KANSIO> d-------- D:\DOCUME~1\Temes\.jogl_ext
    2007-05-11 22:42 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
    2007-05-11 22:42 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
    2007-05-11 22:42 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
    2007-05-11 22:42 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
    2007-05-11 22:42 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
    2007-05-11 22:42 <KANSIO> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    2007-05-09 17:20 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-05-05 21:12 <KANSIO> dr------- D:\DOCUME~1\NETWOR~1\Suosikit
    2007-05-03 16:46 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
    2007-05-03 16:46 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
    2007-05-03 16:46 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    2007-05-03 16:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
    2007-05-03 16:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
    2007-05-03 16:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
    2007-05-03 16:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
    2007-05-03 16:46 <KANSIO> d-------- C:\Program Files\Sygate
    2007-05-03 16:46 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-05-03 13:06 <KANSIO> d-------- D:\DOCUME~1\Temes\APPLIC~1\Uniblue
    2007-05-03 12:44 499,712 --a------ C:\WINDOWS\system\MSVCP71.DLL
    2007-05-03 12:41 348,160 --a------ C:\WINDOWS\system\MSVCR71.dll
    2007-05-02 20:35 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
    2007-04-30 18:19 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-04-30 18:19 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-04-30 18:19 <KANSIO> d-------- C:\Program Files\Xvid
    2007-04-24 13:35 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2007-04-24 13:35 152,833 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
    2007-04-24 13:25 <KANSIO> d--h----- C:\WINDOWS\HUL
    2007-04-24 13:19 <KANSIO> d-------- C:\ijji
    2007-04-24 09:31 967 --a------ C:\WINDOWS\ScUnin.pif
    2007-04-24 09:31 94,208 --a------ C:\WINDOWS\ScUnin.exe
    2007-04-24 09:31 11,868 --a------ C:\WINDOWS\scunin.dat


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-22 12:44:38 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2007-05-22 10:50:07 817 --sha-w C:\WINDOWS\system32\mmf.sys
    2007-05-21 15:19:31 -------- d-----w C:\Program Files\MSN Messenger
    2007-05-16 15:08:00 -------- d-----w C:\Program Files\RevConnect
    2007-05-15 13:05:56 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\Nokia
    2007-05-15 12:51:06 -------- d-----w C:\Program Files\Nokia
    2007-05-11 19:42:20 -------- d-----w C:\Program Files\Common Files\Logitech
    2007-05-06 09:11:06 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\foobar2000
    2007-05-04 08:49:06 5,355 ----a-w C:\WINDOWS\mozver.dat
    2007-05-03 13:47:49 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-05-03 13:23:38 -------- d-----w C:\Program Files\Symantec
    2007-05-02 17:35:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-04-30 19:11:46 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\uTorrent
    2007-04-30 17:00:49 -------- d-----w C:\Program Files\VSO
    2007-04-30 17:00:47 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\Vso
    2007-04-23 18:41:32 -------- d-----w C:\Program Files\Futuremark
    2007-04-23 11:20:31 -------- d-----w C:\Program Files\Common Files\3DO Shared
    2007-04-23 11:18:34 -------- d-----w C:\Program Files\3DO
    2007-04-16 14:06:46 -------- d-----w C:\Program Files\MagicISO
    2007-04-08 19:32:40 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\LEGO Company
    2007-04-08 08:09:25 -------- d-----w C:\Program Files\SnapTrack
    2007-04-08 07:38:49 -------- d-----w C:\Program Files\ASCII
    2007-04-07 19:13:51 -------- d-----w C:\Program Files\Tracker 2000
    2007-04-06 14:57:00 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\CyberLink
    2007-04-05 12:46:42 -------- d-----w C:\Program Files\CDBurnerXP Pro 3
    2007-04-02 14:00:27 16 ----a-w C:\WINDOWS\popcinfo.dat
    2007-03-29 20:02:06 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\Hamachi
    2007-03-29 12:57:06 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\X-Chat 2
    2007-03-29 09:20:16 -------- d-----w C:\Program Files\QuickTime
    2007-03-29 09:20:14 -------- d-----w C:\Program Files\Xilisoft
    2007-03-29 09:19:48 -------- d-----w C:\Program Files\ImTOO
    2007-03-28 20:22:20 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\DivX
    2007-03-28 19:21:29 -------- d-----w C:\Program Files\DivX
    2007-03-28 19:10:00 -------- d-----w C:\Program Files\Winamp
    2007-03-28 18:31:52 -------- d-----w C:\Program Files\Taksi
    2007-03-28 10:55:27 -------- d-----w C:\Program Files\DVDFab Decrypter 3
    2007-03-28 10:40:03 -------- d-----w C:\Program Files\DVD Decrypter
    2007-03-28 10:00:24 76,958 ----a-w C:\WINDOWS\system32\perfc00B.dat
    2007-03-28 10:00:24 379,216 ----a-w C:\WINDOWS\system32\perfh00B.dat
    2007-03-27 18:51:08 -------- d-----w C:\Program Files\Last.fm
    2007-03-27 17:13:32 -------- d-----w C:\Program Files\Microsoft Works
    2007-03-27 17:13:22 -------- d-----w C:\Program Files\MSBuild
    2007-03-27 17:12:07 -------- d-----w C:\Program Files\Microsoft.NET
    2007-03-27 17:10:01 -------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2007-03-26 14:42:00 -------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-03-24 08:36:49 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\Dexpot
    2007-03-24 08:29:24 -------- d-----w C:\Program Files\Dexpot
    2007-03-22 14:56:43 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-03-21 17:24:37 4,096 ----a-w C:\WINDOWS\d3dx.dat
    2007-03-21 15:15:00 -------- d-----w C:\Program Files\mIRC
    2007-03-21 15:14:55 -------- d-----w C:\Program Files\X-Chat 2
    2007-03-21 08:46:13 -------- d-----w C:\Program Files\Hamachi
    2007-03-21 08:45:39 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2007-03-19 13:09:18 -------- d-----w C:\Program Files\Sprite Explorer
    2007-03-17 13:44:51 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-14 15:16:26 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\Screenshot Sender
    2007-03-14 15:16:10 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-03-09 20:07:07 -------- d-----w C:\Program Files\ILoveSteam
    2007-03-09 19:59:56 -------- d--h--w C:\Program Files\Zero G Registry
    2007-03-09 15:14:26 -------- d-----w C:\Program Files\CDex_170b2
    2007-03-08 21:04:31 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\DataLayer
    2007-03-08 20:19:56 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\PC Suite
    2007-03-08 20:19:52 -------- d-----w C:\Program Files\DIFX
    2007-03-08 15:38:00 578,048 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:37:59 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:37:59 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:34:26 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-02-23 04:29:58 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-02-23 04:29:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-02-23 04:29:52 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2007-02-23 04:29:52 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-02-23 04:29:52 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-02-23 04:29:49 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-02-23 04:29:49 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-02-23 04:25:24 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-02-23 04:25:24 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-02-23 04:25:23 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-02-23 04:25:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-02-23 04:25:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-02-23 04:25:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-02-23 04:25:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-02-23 04:25:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-02-23 04:25:19 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-02-23 04:25:19 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-02-23 04:25:19 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-02-23 04:25:19 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-02-22 07:15:12 90,624 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
    2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-02-14 23:08:38 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-02-05 20:19:01 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
    2006-10-26 15:23:40 -------- --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2006-10-26 15:23:32 -------- --sh--r C:\WINDOWS\system32\699BF083FD.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {000123B4-9B42-4900-B3F7-F4B073EFC214}=C:\Program Files\Orbitdownloader\orbitcth.dll [2007-04-20 11:43]
    {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9}=C:\WINDOWS\ServicePackFiles\522124519.dll []
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "xem"="C:\WINDOWS\ServicePackFiles\services.exe" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-01 14:02]
    "SManager"="smanager.7.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "xem"="C:\WINDOWS\ServicePackFiles\services.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{E861A950-42CB-03FA-684F-83A0BDC6D77A}"="C:\WINDOWS\system32\zc.dll" [2006-05-22 15:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    C:\Apps\Softex\OmniPass\opxpgina.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhld32]
    winhld32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32]
    winmfu32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]


    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-24 15:30:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    ********************************************************************

    Completion time: 2007-05-24 15:31:14 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-05-24 15:31

    --- E O F ---

    ==========
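The useful signal in the ComboFix log above is the timeline, not the file list: eight new files, seven of them executables, land between 15:43 and 15:48 on 2007-05-22, while everything else in "Files Created" is spread across separate days and matches software the user installed (Nokia PC Suite, Sonic Foundry, Xvid). Below is an added example, not part of this thread and not ComboFix's or the helper's code, that parses that section, groups entries by creation time and reports windows that contain several new executables. The sample lines are copied from the log above; the ten-minute window and the three-executable threshold are my own assumptions.

```python
"""Cluster a ComboFix 'Files Created' timeline to find the infection burst.

Added example for this thread; it is not ComboFix's own code and not the
helper's method. The window size and the executable threshold are my own
assumptions; the sample lines are copied from the log posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: a subset of the "Files Created" section above.
SAMPLE_LOG = r"""
2007-05-24 14:18 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-05-24 10:00 93,696 --a------ C:\WINDOWS\system32\drvxof.dll
2007-05-22 15:48 133,684 --a------ C:\WINDOWS\system32\alt.exe
2007-05-22 15:45 46,080 --a------ D:\DOCUME~1\ALLUSE~1\APPLIC~1\fkjwfeds.exe
2007-05-22 15:44 9,216 --a------ C:\ecri.exe
2007-05-22 15:44 82,944 --a------ C:\cwainda.exe
2007-05-22 15:44 61,440 --a------ C:\WINDOWS\system32\aspimgr.exe
2007-05-22 15:44 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
2007-05-22 15:43 93,696 --a------ C:\WINDOWS\system32\drvpev.dll
2007-05-22 15:43 18,944 --a------ C:\WINDOWS\system32\winmfu32.dll
2007-05-21 19:55 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2007-05-15 15:51 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
"""

# date time  size-or-<DIR>  9 attribute flags  path   (<KANSIO> is the Finnish-locale <DIR>)
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<[^>]+>|[\d,]+)\s+(\S{9})\s+(.+?)\s*$"
)
PE_EXT = (".exe", ".dll", ".sys")


@dataclass
class Entry:
    when: datetime
    size: int | None     # None for directories
    attrs: str
    path: str

    @property
    def is_pe(self) -> bool:
        return self.size is not None and self.path.lower().endswith(PE_EXT)


def parse_timeline(text: str) -> list[Entry]:
    """Parse ComboFix timeline lines; lines that do not match are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when, size, attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(when, "%Y-%m-%d %H:%M"),
            None if size.startswith("<") else int(size.replace(",", "")),
            attrs,
            path,
        ))
    return entries


def cluster_by_time(entries: list[Entry], window: timedelta = timedelta(minutes=10)) -> list[list[Entry]]:
    """Group entries whose creation time is within `window` of the previous entry."""
    clusters: list[list[Entry]] = []
    for e in sorted(entries, key=lambda e: e.when):   # stable: same-minute order is kept
        if clusters and e.when - clusters[-1][-1].when <= window:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def pe_files(cluster: list[Entry]) -> list[str]:
    return [e.path for e in cluster if e.is_pe]


def suspicious_clusters(clusters: list[list[Entry]], min_pe: int = 3) -> list[list[Entry]]:
    """Assumed threshold: a burst of at least min_pe executables in one window is worth a look."""
    return [c for c in clusters if len(pe_files(c)) >= min_pe]


if __name__ == "__main__":
    for c in suspicious_clusters(cluster_by_time(parse_timeline(SAMPLE_LOG))):
        print(f"{c[0].when:%Y-%m-%d %H:%M} .. {c[-1].when:%H:%M}: {len(c)} entries")
        for e in c:
            print(f"  {e.attrs} {e.path}")
```

Run as a script it prints the single burst on 2007-05-22. The output is a lead for triage, not a verdict: a legitimate installer also drops many files within minutes, so the burst still has to be checked against what the user installed that day, and a single late file such as VundoFixSVC.exe (the cleanup tool itself) is correctly left alone.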
     
  14. Auttaja (Guest)

    Download RustBFix by ejvindh from either of these links and save it to your desktop:
    rustbfix.exe
    rustbfix.exe

    Double-click the file rustbfix.exe. If a Rustock.b infection is found, you will shortly be asked to restart the machine. The restart may take a while, and you may have to restart the machine a second time. All of this happens automatically. After the restart, two log files open (%root%\avenger.txt & %root%\rustbfix\pelog.txt).

    Copy and paste both log files into your next reply

    ==========


    Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.zip and save it to your desktop.

    Start your computer in Safe Mode and choose your normal user account:

    * Start the computer
    * When you hear the machine beep, press F8, before the Windows logo appears
    * A menu should appear next
    * Choose Safe Mode from the menu.


    * Once in Safe Mode, extract the contents of SDFix.zip (SDFix.exe) to the desktop. Double-click the sdfix.exe file that appeared on the desktop. The file unpacks and installs itself on the drive where the operating system is installed, and a folder named SDFix appears in its root, e.g. C:\SDFix
    * Open the SDFix folder and double-click RunThis.bat to start the program.
    * Press Y to start the script.
    * The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the machine: "Press any key to Reboot".
    * Press any key and the machine restarts.
    * Startup takes longer than usual because SDFix is cleaning the machine.
    * Once the machine has started and the desktop has loaded, SDFix reports that the cleanup is complete: "Finished".
    * Then press any key to close the script and load the desktop icons.
    * Finally, open the SDFix folder and copy & paste the contents of Report.txt into your thread


    along with a new HijackThis log.
     
  15. typ0

    RustBFix didn't find anything, but here are the SDFix and HJT logs:

    ==========


    SDFix: Version 1.84

    Run by Temes - to 24.05.2007 - 16:25:13,75

    Microsoft Windows XP [versio 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:






    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service

    ==========

    Logfile of HijackThis v1.99.1
    Scan saved at 16:43:15, on 24.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\aspimgr.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jonneweb.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
    O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{50D0E0B9-218B-4EFA-A131-6E6B79354BED}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD548C5-1EDB-4AEE-B53B-AD8DBDE5F678}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE738E05-0F03-494F-9A55-B36CF80991ED}: NameServer = 143.166.82.252
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
    O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
    O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
    O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

    ==========
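The helper reads the HijackThis log above for the same handful of things every time: a Run entry whose target borrows a system binary name but lives outside system32 (the "xem" value pointing at ServicePackFiles\services.exe), Winlogon Notify DLLs and SSODL entries that are not Windows defaults (winmfu32.dll, zc.dll), a service with an unknown owner sitting in system32 (aspimgr.exe), and orphaned entries left behind by an earlier partial cleanup. As an added example, not HijackThis's own code and not the helper's procedure, the script below encodes those checks as weighted rules and scores sample entries copied from the log above; the allowlists, the weights and the random-name heuristic are my own assumptions and deliberately small.

```python
"""Triage a HijackThis log by persistence location and simple indicators.

Added example for this thread, not HijackThis code and not the helper's
procedure: every rule, weight and allowlist below is my own assumption.
The sample lines are copied from the log posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_HJT = r"""
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumed name set and allowlists; a real triage list is far longer.
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "smss.exe"}
NOTIFY_ALLOW = {"wgalogon.dll", "opxpgina.dll"}
SSODL_ALLOW = {"webcheck.dll", "stobject.dll"}

SECTION_RE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
FULL_PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys)\b", re.I)   # first full path on the line
BARE_FILE_RE = re.compile(r"\b[\w.-]+\.(?:exe|dll|sys)\b", re.I)        # fallback: bare file name
LABEL_RE = re.compile(r"\[([^\]]+)\]|SSODL: (\S+) -")                    # Run value name / SSODL name


@dataclass
class Entry:
    section: str
    raw: str
    dirname: str    # lower-cased directory of the target, "" if unknown
    basename: str   # lower-cased file name of the target, "" if none found
    label: str      # Run value name or SSODL name, "" otherwise


@dataclass
class Finding:
    entry: Entry
    score: int
    reasons: list[str]


def parse_hjt(text: str) -> list[Entry]:
    entries = []
    for line in text.strip().splitlines():
        m = SECTION_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        pm = FULL_PATH_RE.search(body) or BARE_FILE_RE.search(body)
        lm = LABEL_RE.search(body)
        d, _, b = (pm.group(0).lower() if pm else "").rpartition("\\")
        entries.append(Entry(section, line.strip(), d, b, (lm.group(1) or lm.group(2)) if lm else ""))
    return entries


def looks_random(name: str) -> bool:
    """Assumed heuristic: all-digit names, or 6+ letters with almost no vowels."""
    if name.isdigit():
        return True
    letters = re.sub(r"[^a-z]", "", name.lower())
    return len(letters) >= 6 and sum(c in "aeiou" for c in letters) / len(letters) < 0.13


def rules(e: Entry) -> list[tuple[int, str]]:
    """Weighted indicators: 3 = high, 2 = medium, 1 = hygiene."""
    hits = []
    if "(file missing)" in e.raw or "(no file)" in e.raw:
        hits.append((1, "orphaned entry: target no longer on disk"))
    if e.section == "O4" and e.basename in SYSTEM_BINARIES and e.dirname != r"c:\windows\system32":
        hits.append((3, f"{e.basename} masquerade outside system32"))
    if e.section == "O20" and e.basename not in NOTIFY_ALLOW:
        hits.append((3, "Winlogon Notify DLL not in allowlist (loads into winlogon.exe)"))
    if e.section == "O21" and e.basename not in SSODL_ALLOW:
        hits.append((3, "SSODL entry not in allowlist (loaded by Explorer at logon)"))
    if e.section == "O23" and "Unknown owner" in e.raw and e.dirname.startswith(r"c:\windows"):
        hits.append((2, "unknown-owner service binary under the Windows directory"))
    for name in (e.basename.rpartition(".")[0], e.label):
        if name and looks_random(name):
            hits.append((2, f"random-looking name {name!r}"))
    return hits


def triage(text: str) -> list[Finding]:
    findings = []
    for e in parse_hjt(text):
        hits = rules(e)
        if hits:
            findings.append(Finding(e, sum(w for w, _ in hits), [r for _, r in hits]))
    findings.sort(key=lambda f: -f.score)   # stable sort: ties keep log order
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"[{f.score}] {f.entry.raw}\n      " + "\n      ".join(f.reasons))
```

Treat the output as an ordered reading list, not a removal list: the random-name rule is noisy (it would flag a legitimate Logitech binary such as KHALMNPR.EXE), and the orphaned winhld32 Notify entry still scores high on purpose, because a Winlogon Notify reference should be removed even after the DLL itself is gone.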
     
  16. Auttaja (Guest)

    * Double-click VundoFix.exe to run it.
    * When VundoFix reopens, click the Scan for Vundo button.
    * When the scan is complete, right-click inside the list box (the white box where the found files are listed) and select Add more files
    * Copy and paste the following 2 lines into the two top boxes
    * C:\WINDOWS\SYSTEM32\winmfu32.dll
    * C:\WINDOWS\system32\zc.dll
    * Click Add Files and then click Close Window.

    * Click the Remove Vundo button.
    * You will get a message asking whether you want to remove the selected files; click YES.
    * When you click yes, your desktop goes blank as the tool starts removing Vundo.
    * When it is done, you get a message asking you to shut down the computer; click OK.
    * Restart your computer.
    * Post the contents of C:\vundofix.txt
    ==========

    Copy the following lines into e.g. Notepad

    Save it as FIX.BAT on your desktop with the file type set to All Files

    Double-click FIX.BAT

    Post a new HijackThis log
     
    Last edited by a moderator: May 24, 2007
  17. typ0

    Here it is:

    ==========


    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 13:57:15 24.5.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\fccbcab.dll
    C:\WINDOWS\system32\khfcbcd.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\fccbcab.dll
    C:\WINDOWS\system32\fccbcab.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\khfcbcd.dll
    C:\WINDOWS\system32\khfcbcd.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 14:15:04 24.5.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\fccbcab.dll

    Beginning removal...

    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 14:21:43 24.5.2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 17:25:13 24.5.2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\winmfu32.dll
    C:\WINDOWS\SYSTEM32\winmfu32.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\zc.dll
    C:\WINDOWS\system32\zc.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\winmfu32.dll
    C:\WINDOWS\SYSTEM32\winmfu32.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    ==========

    Logfile of HijackThis v1.99.1
    Scan saved at 17:52:24, on 24.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\aspimgr.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jonneweb.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
    O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{50D0E0B9-218B-4EFA-A131-6E6B79354BED}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD548C5-1EDB-4AEE-B53B-AD8DBDE5F678}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE738E05-0F03-494F-9A55-B36CF80991ED}: NameServer = 143.166.82.252
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
    O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
    O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

    ==========
     
  18. Auttaja

    Auttaja Guest

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    ========

    Save these instructions to a text file, since otherwise you cannot read them in Safe Mode.

    ==========

    Open HijackThis, check the following line(s) and press Fix checked; close other programs in the meantime.

    O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
    O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll (file missing)


    Here is a guide on how to check them:

    =========

    Copy the following lines into e.g. Notepad

    Save it as FIX.BAT on the desktop, with the file type set to All Files

    Double-click FIX.BAT

    =========

    Download Killbox from Option^Explicit.

    Note: if you already have Killbox, this is a new version that you must install. Remove the earlier one.

    [*]Save it to your desktop.
    [*] Double-click Killbox.exe to run the program.
    [*] Select Delete on Reboot, then click the All Files option.
    [*]Copy and paste the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    C:\WINDOWS\ServicePackFiles\services.exe
    C:\WINDOWS\system32\aspimgr.exe


    [*] Return to Killbox, go to the File menu and choose Paste from Clipboard.

    [*]Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let the helper know if one appears!).
    Restart your computer yourself if it does not do so automatically.

    If you get a message like "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.

    ==========

    1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!

    [*]Once you have downloaded the program, double-click the installer's shortcut on your desktop; the installation begins.
    [*]After installation, the program must be started and its definitions updated.

    2. [*]Start AVG Anti-Spyware.
    [*]Click the "Update" icon in the main menu. Then click the "Update now" button.
    [*]Then click the "Start Update" icon and the update begins.
    [*]After a moment, press "Start Update" again if the updates do not succeed right away.
    [*]If the automatic update does not work for some reason, the definitions can be downloaded manually from http://www.ewido.net/en/download/updates/.
    [*]Once the updates are downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    [*]When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    [*]Then under the "Reports" menu:
    [*]Tick "Automatically generate report after every scan"
    [*]Untick "Only if threats were found"
    [*]Then click the "Shield" icon at the top of the window
    [*]"Resident shield is": change the state from active to inactive
    [*]Close the program; do NOT scan yet.

    Restart your computer into Safe Mode

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    [*]Once in Safe Mode, start AVG Anti-Spyware.
    [*]Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    [*]AVG now begins scanning the computer; be patient, as the scan takes time.
    When the scan is complete:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    [*]Make sure that Set all elements to: shows Quarantine (1); if not, click the link and choose Quarantine from the popup menu.
    [*]You will be asked what to do if infections were found; choose "Apply all actions" then
    [*]Then click the "Reports" icon at the top of the program.
    [*]Click the "Save report as" button in the lower left of the window and save the report to the desktop.
    [*]Close the program, restart the computer normally and post AVG's report in your thread.

    ==========

    This one is for if you feel your computer is on the slow side and you have not defragmented in a long time:

    Open My Computer
    -> Do the following for all Local Disks

    ==========

    Download CCleaner and install it:
    Open "Options", then "Language" and select "Suomi (Finnish)"

    Open the "Issues" section, press "Scan for Issues", then press "Fix selected issues...". Press "Yes" when the program asks "Do you want to backup changes to the registry?" and save the file e.g. on the desktop.

    Open "Cleaner", press "Analyze" and then "Run CCleaner". Clean temporary files and folders with the program regularly.


    ==========

    A new HijackThis log, and are there any problems?
     
  19. typ0

    typ0 Regular member

    It seems to be working better already.

    ==========

    Logfile of HijackThis v1.99.1
    Scan saved at 22:36:03, on 24.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jonneweb.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
    O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{50D0E0B9-218B-4EFA-A131-6E6B79354BED}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD548C5-1EDB-4AEE-B53B-AD8DBDE5F678}: NameServer = 143.166.82.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE738E05-0F03-494F-9A55-B36CF80991ED}: NameServer = 143.166.82.252
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
    O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

    ==========

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 22:26:31 24.5.2007

    + Scan result:



    HKLM\SYSTEM\CurrentControlSet\Enum\NMWCD\VID_0421&PID_04B8&IF_OBX\6&11084b85&0&01\\Class -> Adware.MarketScore : Error during cleaning.
    C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP307\A0081250.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\VundoFix Backups\fccbcab.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\C\WINDOWS\system32\setlink.dll.vir -> Downloader.Agent.bga : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082297.dll -> Downloader.Agent.bga : Cleaned with backup (quarantined).
    C:\SDFix\backups\winF1.tmp.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
    C:\WINDOWS\smanager.7.exe~ -> Downloader.Alphabet : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\C\WINDOWS\ServicePackFiles\services.exe.vir -> Downloader.CWS.am : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082276.exe -> Downloader.CWS.am : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\C\WINDOWS\ServicePackFiles\522124519.dll.vir -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\C\WINDOWS\system32\arcac.exe.vir -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082275.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082278.exe -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\C\WINDOWS\system32\v7.exe.vir -> Hijacker.Agent.jc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082279.exe -> Hijacker.Agent.jc : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\catchme2007-05-24_153017.29.zip/xpdt.sys -> Hijacker.Costrat.at : Cleaned with backup (quarantined).
    C:\cwainda.exe -> Hijacker.Costrat.at : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP307\A0081221.exe -> Not-A-Virus.Hoax.Win32.Renos.hn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP309\A0083440.exe -> Proxy.Mitglieder.cm : Cleaned with backup (quarantined).
    :mozilla.21:D:\Documents and Settings\Temes\Application Data\Mozilla\Firefox\Profiles\7p5qodao.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.22:D:\Documents and Settings\Temes\Application Data\Mozilla\Firefox\Profiles\7p5qodao.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.43:D:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\b2mk8ja7.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.6:D:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\b2mk8ja7.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.7:D:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\b2mk8ja7.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.9:D:\Documents and Settings\Temes\Application Data\Mozilla\Firefox\Profiles\7p5qodao.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    D:\Documents and Settings\Vieras\Cookies\vieras@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
    C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP309\A0083441.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP309\A0083442.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP309\A0083387.dll -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
    C:\VundoFix Backups\winmfu32.dll.bad -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\C\WINDOWS\system32\wincom32.sys.vir -> Trojan.Tibs.w : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082281.sys -> Trojan.Tibs.w : Cleaned with backup (quarantined).


    ::Report end

    ==========
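The helper's picks in post 18 and the cleaned log in post 19 follow a few recognisable patterns. As an added example that is not part of this thread or of HijackThis, the Python below encodes those patterns (hooks whose file is missing, Run entries that launch a core Windows binary name from an unexpected directory, services with an unknown owner and a missing binary), parses the two logs and reports what the fix removed and what is still flagged; CORE_BINARIES, SYSTEM_DIRS and the flag rules are my own assumptions, and the embedded logs are trimmed copies of the ones posted above.

```python
"""Triage for HijackThis v1.99 logs. Added example for this thread, not part of
HijackThis or of the helper's instructions. It encodes the patterns behind the
helper's picks (hooks whose file is missing, Run entries that launch a core
Windows binary name from an unexpected directory, services with an unknown
owner and a missing binary) and compares a before/after log to show what the
fix removed. CORE_BINARIES, SYSTEM_DIRS and the rules are assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A log entry: section prefix (R1, O4, O23 ...), " - ", then the body.
_ENTRY = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
# First drive-letter path ending in .exe or .dll inside an entry body.
_PATH = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll))", re.IGNORECASE)
# Core Windows binaries whose names malware commonly borrows (assumed list).
CORE_BINARIES = {"services.exe", "lsass.exe", "winlogon.exe", "svchost.exe",
                 "csrss.exe", "smss.exe", "explorer.exe"}
# Directories where those names are legitimate on a Windows XP box.
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32")

@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def line(self) -> str:
        return f"{self.section} - {self.body}"

def parse_log(text: str) -> List[Entry]:
    """Return the R*/F*/O* entries; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = _ENTRY.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries

def flag(entry: Entry) -> Optional[str]:
    """Reason string when the entry looks like an infection leftover."""
    low = entry.body.lower()
    if entry.section in {"O2", "O3", "O20", "O21"} and (
            "(file missing)" in low or "(no file)" in low):
        return "hook points to a file that no longer exists"
    if entry.section == "O4":
        m = _PATH.search(entry.body)
        if m:
            directory, _, name = m.group(1).rpartition("\\")
            if name.lower() in CORE_BINARIES and directory.lower() not in SYSTEM_DIRS:
                return f"{name} started from unexpected directory {directory}"
    if entry.section == "O23" and "unknown owner" in low and "(file missing)" in low:
        return "service with unknown owner and missing binary"
    return None

def triage(text: str) -> List[Tuple[str, str]]:
    """All flagged entries of one log as (line, reason) pairs."""
    out = []
    for e in parse_log(text):
        reason = flag(e)
        if reason:
            out.append((e.line, reason))
    return out

def compare_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Entries gone, entries new, and flagged entries surviving in 'after'."""
    old = {e.line for e in parse_log(before)}
    new = {e.line for e in parse_log(after)}
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "still_flagged": [line for line, _ in triage(after)],
    }

# Trimmed copy of the 17:52 log posted above (constructed sample).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
"""

# Trimmed copy of the 22:36 log posted after the fix (constructed sample).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
"""
```

Running `compare_logs(BEFORE_LOG, AFTER_LOG)` on these samples reports the eight entries the fix removed and leaves the aspimgr service as the one entry still flagged, which is exactly the line the helper goes on to address in the next post.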
     
  20. Auttaja

    Auttaja Guest

    Where is the computer's antivirus?

    Avira AntiVir is the best free one for that

    =======

    Start -> Run -> Type the following in the box and press OK: services.msc

    Scroll to the following service:
    Microsoft ASPI Manager (aspimgr)

    Right-click it and choose Stop from the menu.
    Then press "Properties". Change the startup type to Disabled
    Press OK and close the window.

    =======

    Open HijackThis and fix this line

    O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)

    =========

    Download MWav eScan to the desktop.

    Double-click mwav.exe; a licence agreement opens, accept it.
    Tick the following options before scanning.
    [*]Memory
    [*]Startup folders
    [*]Drive - All local drives
    [*]Folder - Press Browse and change the directory to C:\
    [*]Registry
    [*]System folders
    [*]Services
    [*]Scan only
    [*]Include subfolders
    [*]Scan all files
    Make sure all of the above are definitely ticked, then press Scan Only.

    Note: eScan may look like it is finished, but it is not necessarily. The program reports when it is done.

    When the scan is finished, eScan lists the infected files in the lower pane; copy (CTRL+C) and paste (CTRL+V) everything that appears in the box into your next post.

    ========

    A new HijackThis log if you still have the energy :D
     
