Girlfriend's HJT log

Discussion in 'Viruses and malware - HijackThis logs' started by numpska, Mar 8, 2007.

  1. numpska

    numpska Member

    Joined:
    Oct 25, 2005
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    16
    Ugh, a man has to get to work again. This machine is a bit messed up again: browser hijacks, and a Pecompact virus has hit. Here's the HJT log:


    Logfile of HijackThis v1.99.1
    Scan saved at 8:08:24, on 9.3.2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\ELISA\backweb\4119343\Program\SERVIC~1.EXE
    E:\ELISA\Anti-Virus\fsgk32st.exe
    E:\ELISA\Anti-Virus\FSGK32.EXE
    E:\ELISA\backweb\4119343\program\fsbwsys.exe
    E:\ELISA\Common\FSMA32.EXE
    E:\ELISA\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    E:\ELISA\Common\FSMB32.EXE
    E:\ELISA\Common\FCH32.EXE
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    E:\ELISA\Common\FSM32.EXE
    E:\ELISA\FSGUI\ispnews.exe
    C:\QuickTime\qttask.exe
    E:\ELISA\Common\FAMEH32.EXE
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\WINDOWS\System32\ctfmon.exe
    E:\ELISA\Anti-Virus\fsrw.exe
    E:\ELISA\FWES\Program\fsdfwd.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\UltimateZip 2.7\uzqkst.exe
    E:\ELISA\Anti-Virus\fsav32.exe
    E:\ELISA\ANTI-S~1\fsaw.exe
    E:\ELISA\FSGUI\fsguidll.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Jussi\Työpöytä\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\ELISA\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\ELISA\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\ELISA\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "E:\ELISA\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\System32\v6.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvreh.dll,startup
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\lwtlpprs.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: UltimateZip Quick Start.lnk = C:\UltimateZip 2.7\uzqkst.exe
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = E:\ELISA\backweb\4119343\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - E:\ELISA\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\ELISA\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\ELISA\Anti-Spyware\ieshield.dll
    O9 - Extra button: Tuki - {9C2E957A-B8D8-4B89-8766-EAD776A0B41D} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {B078708C-6366-4D7A-A472-626D76350A78} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {BD1B54E4-7AAC-480E-B74B-61CAC83D00AC} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133198462084
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133198427043
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - E:\ELISA\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - E:\ELISA\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - E:\ELISA\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\ELISA\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\ELISA\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
     
  2. Auttaja

    Auttaja Guest

    Hi

    C:\Documents and Settings\Jussi\Työpöytä\HijackThis.exe

    Not like this, but like this

    C:\HJT\HijackThis.exe

    and after that rename it so that it looks like this

    C:\HJT\skanneri.exe

    Post a new log and we'll get started!
     
  3. numpska

    numpska Member

    Never before have I needed to put it anywhere beyond the desktop or change its name -.-

    Logfile of HijackThis v1.99.1
    Scan saved at 8:18:18, on 9.3.2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\ELISA\backweb\4119343\Program\SERVIC~1.EXE
    E:\ELISA\Anti-Virus\fsgk32st.exe
    E:\ELISA\Anti-Virus\FSGK32.EXE
    E:\ELISA\backweb\4119343\program\fsbwsys.exe
    E:\ELISA\Common\FSMA32.EXE
    E:\ELISA\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    E:\ELISA\Common\FSMB32.EXE
    E:\ELISA\Common\FCH32.EXE
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    E:\ELISA\Common\FSM32.EXE
    E:\ELISA\FSGUI\ispnews.exe
    C:\QuickTime\qttask.exe
    E:\ELISA\Common\FAMEH32.EXE
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\WINDOWS\System32\ctfmon.exe
    E:\ELISA\Anti-Virus\fsrw.exe
    E:\ELISA\FWES\Program\fsdfwd.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\UltimateZip 2.7\uzqkst.exe
    E:\ELISA\Anti-Virus\fsav32.exe
    E:\ELISA\ANTI-S~1\fsaw.exe
    E:\ELISA\FSGUI\fsguidll.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\HJT\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {C11D695A-65F4-4D1D-9714-85C5006322F6} - C:\WINDOWS\System32\yayvs.dll
    O2 - BHO: (no name) - {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} - C:\WINDOWS\System32\iifffgf.dll
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\dtshleml.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\ELISA\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\ELISA\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\ELISA\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "E:\ELISA\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\System32\v6.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvreh.dll,startup
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\lwtlpprs.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: UltimateZip Quick Start.lnk = C:\UltimateZip 2.7\uzqkst.exe
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = E:\ELISA\backweb\4119343\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - E:\ELISA\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\ELISA\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\ELISA\Anti-Spyware\ieshield.dll
    O9 - Extra button: Tuki - {9C2E957A-B8D8-4B89-8766-EAD776A0B41D} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {B078708C-6366-4D7A-A472-626D76350A78} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {BD1B54E4-7AAC-480E-B74B-61CAC83D00AC} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133198462084
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133198427043
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: iifffgf - C:\WINDOWS\SYSTEM32\iifffgf.dll
    O20 - Winlogon Notify: wincji32 - C:\WINDOWS\SYSTEM32\wincji32.dll
    O20 - Winlogon Notify: yayvs - C:\WINDOWS\System32\yayvs.dll
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - E:\ELISA\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - E:\ELISA\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - E:\ELISA\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\ELISA\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\ELISA\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

     
  4. Auttaja

    Auttaja Guest

    Now you get a little free lesson:

    1. It was renamed so that the O2 lines would show up in the log; that revealed what I suspected, namely a hidden Vundo
    2. It was put in that folder because that way we get backups

    ******************

    Download VundoFix.exe to your desktop.
    *Double-click VundoFix.exe to run it.
    *Click the Scan for Vundo option.
    *When the scan is finished, click the Remove Vundo option.
    *You will be asked whether you want to remove the files - click YES.
    *Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    *When it is done, the fix will announce that it will restart your computer; click OK.
    *Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


    Note: It is possible that VundoFix found a file that it could not remove.
    In that case, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo option.", when VundoFix appears during the restart.

    *************************

    Open HijackThis, tick and fix the following lines (close other programs while doing so):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: (no name) - {C11D695A-65F4-4D1D-9714-85C5006322F6} - C:\WINDOWS\System32\yayvs.dll
    O2 - BHO: (no name) - {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} - C:\WINDOWS\System32\iifffgf.dll
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\dtshleml.dll (file missing)
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\System32\v6.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvreh.dll,startup
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\lwtlpprs.dll",setvm
    O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
    O20 - Winlogon Notify: iifffgf - C:\WINDOWS\SYSTEM32\iifffgf.dll
    O20 - Winlogon Notify: wincji32 - C:\WINDOWS\SYSTEM32\wincji32.dll
    O20 - Winlogon Notify: yayvs - C:\WINDOWS\System32\yayvs.dll

    *************************************

    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    *******************************

    Delete the following files in Safe Mode if they are found; first make hidden files visible by opening a folder, then Tools, Folder Options, the View tab, and ticking Show hidden files and folders, etc.

    C:\WINDOWS\System32\yayvs.dll
    C:\WINDOWS\System32\iifffgf.dll
    C:\WINDOWS\System32\v6.exe
    C:\WINDOWS\System32\drvreh.dll
    C:\WINDOWS\System32\lwtlpprs.dll
    C:\WINDOWS\cc.exe
    C:\WINDOWS\SYSTEM32\wincji32.dll
    C:\WINDOWS\System32\yayvs.dll

    *****************

    Download AVG Anti-Spyware 7.5 and save the program to your desktop. Download it here

    * Once you have downloaded the program, double-click the installer icon on your desktop; the installation starts.
    * After installation, the program must be started and its definitions updated.
    * Start AVG Anti-Spyware.
    * Click the "Update" icon in the main menu. Then click the "Update now" button.

    o Then click the "Start Update" icon, and the update begins.

    * Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    * Once the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    * Then, under the "Reports" menu:

    o Tick "Automatically generate report after every scan"
    o Untick "Only if threats were found"

    * Then click the "Shield" icon at the top of the window
    * At "Resident shield is", change the state from active to inactive
    * Close the program; do NOT scan yet.

    Boot your computer into Safe Mode; instructions below!

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.

    * Once in Safe Mode, start AVG Anti-Spyware.
    * Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    * AVG now starts scanning the computer; be patient, as the scan takes time.

    When the scan is finished:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    * Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
    * You will be asked what to do if infections were found; in that case select "Apply all actions"

    * Then click the "Reports" icon at the top of the program.
    * Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    * Close the program, start the computer normally and post the AVG report here.

    · How do I boot my computer into Safe Mode?

    On Windows operating systems, successful removal of viruses and spyware often requires starting the computer in Safe Mode. Booting into Safe Mode works in most cases by pressing (sometimes repeatedly tapping) the F8 key during startup.

    See the more detailed instructions for your own operating system. The site is in English.

    **********

    Post the latest HJT log


     
  5. numpska

    numpska Member

    First step done; the machine apparently took a hit, since at startup there were messages saying "there is no disk in drive x". Did something go wrong?


    VundoFix V6.1.5

    Checking Java version...

    Java version is 1.5.0.5

    Scan started at 8:40:59 9.3.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\wvuus.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\wvuus.dll
    C:\WINDOWS\system32\wvuus.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    Logfile of HijackThis v1.99.1

    Scan saved at 9:03:11, on 9.3.2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\ELISA\backweb\4119343\Program\SERVIC~1.EXE
    E:\ELISA\Anti-Virus\fsgk32st.exe
    E:\ELISA\Anti-Virus\FSGK32.EXE
    E:\ELISA\backweb\4119343\program\fsbwsys.exe
    E:\ELISA\Common\FSMA32.EXE
    E:\ELISA\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    E:\ELISA\Common\FSMB32.EXE
    E:\ELISA\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    E:\ELISA\Common\FAMEH32.EXE
    C:\WINDOWS\Explorer.EXE
    E:\ELISA\Anti-Virus\fsrw.exe
    E:\ELISA\FWES\Program\fsdfwd.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    E:\ELISA\Common\FSM32.EXE
    E:\ELISA\FSGUI\ispnews.exe
    C:\QuickTime\qttask.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\UltimateZip 2.7\uzqkst.exe
    E:\ELISA\Anti-Virus\fsav32.exe
    E:\ELISA\ANTI-S~1\fsaw.exe
    E:\ELISA\FSGUI\fsguidll.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} - C:\WINDOWS\System32\iifffgf.dll
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\dtshleml.dll (file missing)
    O2 - BHO: (no name) - {E723524C-ECB5-4D94-B717-15A7E9E7514F} - C:\WINDOWS\System32\yayvs.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\ELISA\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\ELISA\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\ELISA\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "E:\ELISA\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\System32\v6.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvreh.dll,startup
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\lwtlpprs.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: UltimateZip Quick Start.lnk = C:\UltimateZip 2.7\uzqkst.exe
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = E:\ELISA\backweb\4119343\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - E:\ELISA\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\ELISA\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\ELISA\Anti-Spyware\ieshield.dll
    O9 - Extra button: Tuki - {9C2E957A-B8D8-4B89-8766-EAD776A0B41D} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {B078708C-6366-4D7A-A472-626D76350A78} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {BD1B54E4-7AAC-480E-B74B-61CAC83D00AC} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133198462084
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133198427043
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: iifffgf - C:\WINDOWS\SYSTEM32\iifffgf.dll
    O20 - Winlogon Notify: wincji32 - wincji32.dll (file missing)
    O20 - Winlogon Notify: yayvs - C:\WINDOWS\System32\yayvs.dll
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - E:\ELISA\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - E:\ELISA\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - E:\ELISA\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\ELISA\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\ELISA\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe



    I'll continue to the next step, i.e. the HJT removal.
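
Added example, not part of any post in this thread: a small log differ for the comparison the helper makes in post 4 (the scan under the renamed executable shows O2 lines the first scan lacked) and for the scan posted after VundoFix. The function names are hypothetical; the sample lines are excerpts copied from the three logs above.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# O2 body: "BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
BHO_RE = re.compile(
    r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*?)(?: \(file missing\))?$")

# Excerpts of the three scans in this thread (most entries omitted).
SCAN_DESKTOP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\System32\v6.exe
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""

SCAN_RENAMED = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe
C:\HJT\skanneri.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {C11D695A-65F4-4D1D-9714-85C5006322F6} - C:\WINDOWS\System32\yayvs.dll
O2 - BHO: (no name) - {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} - C:\WINDOWS\System32\iifffgf.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\System32\v6.exe
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: iifffgf - C:\WINDOWS\SYSTEM32\iifffgf.dll
O20 - Winlogon Notify: yayvs - C:\WINDOWS\System32\yayvs.dll
"""

SCAN_AFTER_FIX = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} - C:\WINDOWS\System32\iifffgf.dll
O2 - BHO: (no name) - {E723524C-ECB5-4D94-B717-15A7E9E7514F} - C:\WINDOWS\System32\yayvs.dll
O20 - Winlogon Notify: yayvs - C:\WINDOWS\System32\yayvs.dll
"""


def parse_entries(log_text):
    """Return (section, body) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def new_entries(before, after):
    """Entries present in `after` but absent from `before`, in log order."""
    seen = {(s, b.lower()) for s, b in parse_entries(before)}
    return [(s, b) for s, b in parse_entries(after) if (s, b.lower()) not in seen]


def bho_by_path(log_text):
    """Map lower-cased DLL path -> CLSID for every O2 (BHO) line."""
    out = {}
    for section, body in parse_entries(log_text):
        m = BHO_RE.match(body) if section == "O2" else None
        if m:
            out[m.group(3).lower()] = m.group(2).upper()
    return out


def clsid_changes(before, after):
    """DLLs listed as a BHO in both scans, but under a different CLSID."""
    old, new = bho_by_path(before), bho_by_path(after)
    return {p: (old[p], new[p]) for p in old.keys() & new.keys() if old[p] != new[p]}


if __name__ == "__main__":
    print("Only visible in the scan run as skanneri.exe:")
    for section, body in new_entries(SCAN_DESKTOP, SCAN_RENAMED):
        print(f"  {section} - {body}")
    print("BHO DLLs whose CLSID differs after VundoFix:")
    for path, (old, new) in clsid_changes(SCAN_RENAMED, SCAN_AFTER_FIX).items():
        print(f"  {path}: {old} -> {new}")
```

On these excerpts the second comparison reports yayvs.dll: the same DLL path is listed under a different CLSID in the scan taken after VundoFix, which a line-by-line read of the two logs easily misses.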


     
  6. numpska

    numpska Member

    ComboFix log:

    ComboFix 07-03-08 - Running from: "C:\Documents and Settings\Jussi\Ty”p”yt„"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\jkklk.dll


    ((((((((((((((((((((((((((((((( Files Created from 2007-02-09 to 2007-03-09 ))))))))))))))))))))))))))))))))))


    2007-03-09 08:50 <KANSIO> d-------- C:\WINDOWS\pss
    2007-03-09 08:40 <KANSIO> d-------- C:\VundoFix Backups
    2007-03-09 08:17 <KANSIO> d-------- C:\HJT
    2007-03-08 17:57 <KANSIO> d-------- C:\Program Files\Quadro Uneraser 2.5
    2007-03-08 17:42 88,340 --a------ C:\WINDOWS\system32\lgrtsohy.exe
    2007-03-08 17:42 76,412 --a------ C:\WINDOWS\system32\lgvgmpgl.dll
    2007-03-08 17:42 123,412 --a------ C:\WINDOWS\system32\lwtlpprs.dll
    2007-03-08 17:41 282,212 --------- C:\WINDOWS\system32\yayvs.dll
    2007-03-08 17:29 26,685 ---hs---- C:\WINDOWS\system32\iifffgf.dll
    2007-03-08 17:28 0 --a------ C:\rsuowti.exe
    2007-03-08 17:28 0 --a------ C:\qmjxf.exe
    2007-03-08 17:28 0 --a------ C:\hxapa.exe
    2007-03-08 17:28 0 --a------ C:\hoodcou.exe
    2007-03-08 17:28 0 --a------ C:\hgym.exe
    2007-03-08 17:28 0 --a------ C:\efkaievj.exe
    2007-03-08 17:15 <KANSIO> d-------- C:\Program Files\DiskInternals


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-09 09:13 10062 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
    2007-03-09 08:59 -------- d-------- C:\DOCUME~1\Jussi\APPLIC~1\skype
    2007-02-18 14:22 -------- d-------- C:\DOCUME~1\Jussi\APPLIC~1\msn6
    2007-02-15 17:19 -------- d-------- C:\Program Files\google
    2007-02-04 11:42 49016 --a------ C:\WINDOWS\system32\perfc00b.dat
    2007-02-04 11:42 283982 --a------ C:\WINDOWS\system32\perfh00b.dat
    2007-01-28 15:29 -------- d-------- C:\DOCUME~1\Jussi\APPLIC~1\adobeum


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
    "WinampAgent"="E:\\Winamp\\winampa.exe"
    "F-Secure Manager"="\"E:\\ELISA\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"E:\\ELISA\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "F-Secure Startup Wizard"="\"E:\\ELISA\\FSGUI\\FSSW.EXE\" /reboot"
    "News Service"="\"E:\\ELISA\\FSGUI\\ispnews.exe\""
    "QuickTime Task"="\"C:\\QuickTime\\qttask.exe\" -atboottime"
    "Samsung Common SM"="\"C:\\WINDOWS\\Samsung\\ComSMMgr\\ssmmgr.exe\" /autorun"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="MsgPlusLoader.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"
    "{C7CF1142-0785-4B12-A280-B64681E4D45E}"="z"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{CEAB1E45-BB8D-4A85-B356-79028FEE94CE}"=""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Microsoft run manager"="rundll.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "Microsoft run manager"="rundll.exe"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source REG_SZ C:\WINDOWS\warnhp.html

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifffgf
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvs

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0




    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070309-090829-902
    O20 - Winlogon Notify: yayvs - C:\WINDOWS\System32\yayvs.dll
    backup-20070309-090829-349
    O20 - Winlogon Notify: wincji32 - wincji32.dll (file missing)
    backup-20070309-090829-851
    O20 - Winlogon Notify: iifffgf - C:\WINDOWS\SYSTEM32\iifffgf.dll
    backup-20070309-090829-769
    O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
    backup-20070309-090829-448
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\lwtlpprs.dll",setvm
    backup-20070309-090829-451
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvreh.dll,startup
    backup-20070309-090829-924
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\System32\v6.exe
    backup-20070309-090828-731
    O2 - BHO: (no name) - {E723524C-ECB5-4D94-B717-15A7E9E7514F} - C:\WINDOWS\System32\yayvs.dll
    backup-20070309-090828-784
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\dtshleml.dll (file missing)
    backup-20070309-090828-517
    O2 - BHO: (no name) - {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} - C:\WINDOWS\System32\iifffgf.dll
    backup-20070309-090828-794
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\Scheduled scanning task.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-09 9:25:21

     
  7. Auttaja

    Auttaja Guest

    Download SmitfraudFix (c) S!Ri (http://siri.urz.free.fr/Fix/SmitfraudFix.zip)
    Extract the contents (a folder named SmitfraudFix) to your desktop.

    Boot your computer into Safe Mode and select your normal user account.

    Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

    The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if one is found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it does not, restart into normal Windows.
    A text file will appear after the cleaning process; copy & paste the contents of this report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt.

    In addition to the above report, post a new HJT log.
     
  8. numpska

    numpska Member

    The computer is running incredibly slowly. My Computer won't even open; the flashlight just keeps spinning there as if it were searching for the drives. The drives can still be accessed through Windows Explorer.

    SmitFraudFix v2.148

    Scan done at 12:09:50,02, pe 09.03.2007
    Run from C:\Documents and Settings\Jussi\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{C7CF1142-0785-4B12-A280-B64681E4D45E}"="z"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\warnhp.html Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    HKLM\SOFTWARE\WinHound.com Deleted

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Logfile of HijackThis v1.99.1
    Scan saved at 12:11:33, on 9.3.2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\HJT\skanneri.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2CDBC305-5FE5-49D8-8240-E02CA400ECD2} - C:\WINDOWS\System32\yayvs.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} - C:\WINDOWS\system32\iifffgf.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\ELISA\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\ELISA\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\ELISA\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "E:\ELISA\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: UltimateZip Quick Start.lnk = C:\UltimateZip 2.7\uzqkst.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - E:\ELISA\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\ELISA\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\ELISA\Anti-Spyware\ieshield.dll
    O9 - Extra button: Tuki - {9C2E957A-B8D8-4B89-8766-EAD776A0B41D} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {B078708C-6366-4D7A-A472-626D76350A78} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {BD1B54E4-7AAC-480E-B74B-61CAC83D00AC} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133198462084
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133198427043
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: iifffgf - C:\WINDOWS\SYSTEM32\iifffgf.dll
    O20 - Winlogon Notify: yayvs - C:\WINDOWS\System32\yayvs.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - E:\ELISA\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - E:\ELISA\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - E:\ELISA\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - E:\ELISA\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\ELISA\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

     
  9. Auttaja

    Auttaja Guest

    So that Vundo didn't go away after all

    Download VundoFix.exe to your desktop.


    Double-click VundoFix.exe to run it.

    Click the Scan for Vundo option.

    When the scan is finished, right-click inside the list box (the white box where the found files are listed) and select Add more files

    Copy and paste the following lines into the top two boxes, so add twice


    C:\WINDOWS\System32\yayvs.dll
    C:\WINDOWS\system32\svyay.*

    and

    C:\WINDOWS\System32\iifffgf.dll
    C:\WINDOWS\System32\fgfffii.*


    Click Add Files and then click Close Window.

    When the scan is finished, click the Remove Vundo option.

    You will be asked whether you want to remove the files - click YES.

    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.

    When it is done, the fix will announce that it is restarting your computer; click OK.

    Post the contents of the C:\vundofix.txt log as well as a fresh HijackThis log.



    Note: It is possible that VundoFix found a file that it could not remove.
    In this situation, VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo option.", when VundoFix appears during the restart.

    Post the latest HJT log, taken in normal mode.
     
  10. numpska

    numpska Member

    Removing Vundo from those dll files did not succeed. Instead, the computer started acting up and keeps opening IE pop-ups. My Computer won't start up but just keeps rolling the flashlight there for two eternities. The drives can be reached through Windows Explorer, but the icons for the CD and regular drives in My Computer are nowhere to be found:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:22:58, on 9.3.2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\ELISA\backweb\4119343\Program\SERVIC~1.EXE
    E:\ELISA\Anti-Virus\fsgk32st.exe
    E:\ELISA\Anti-Virus\FSGK32.EXE
    E:\ELISA\backweb\4119343\program\fsbwsys.exe
    E:\ELISA\Common\FSMA32.EXE
    E:\ELISA\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    E:\ELISA\Common\FSMB32.EXE
    C:\WINDOWS\System32\wdfmgr.exe
    E:\ELISA\Common\FCH32.EXE
    E:\ELISA\Common\FAMEH32.EXE
    E:\ELISA\Anti-Virus\fsrw.exe
    E:\ELISA\Anti-Virus\fsav32.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    E:\ELISA\Common\FSM32.EXE
    E:\ELISA\FSGUI\ispnews.exe
    C:\QuickTime\qttask.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\UltimateZip 2.7\uzqkst.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\HJT\skanneri.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {70282DB5-F1D7-4A38-AFB4-2F8416CBFFCA} - C:\WINDOWS\System32\yayvs.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} - C:\WINDOWS\system32\iifffgf.dll (file missing)
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\asksikra.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "E:\ELISA\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "E:\ELISA\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\ELISA\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "E:\ELISA\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\dogdbngu.dll",setvm
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: UltimateZip Quick Start.lnk = C:\UltimateZip 2.7\uzqkst.exe
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = E:\ELISA\backweb\4119343\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Estä tämä kohoikkuna - E:\ELISA\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\ELISA\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\ELISA\Anti-Spyware\ieshield.dll
    O9 - Extra button: Tuki - {9C2E957A-B8D8-4B89-8766-EAD776A0B41D} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {B078708C-6366-4D7A-A472-626D76350A78} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {BD1B54E4-7AAC-480E-B74B-61CAC83D00AC} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133198462084
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133198427043
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: yayvs - C:\WINDOWS\System32\yayvs.dll
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - E:\ELISA\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - E:\ELISA\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - E:\ELISA\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - E:\ELISA\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\ELISA\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

     
  11. Auttaja

    Auttaja Guest

    1) Download VirtumundoBegone
    2) Save VirtumundoBeGone.exe to your desktop.
    3) Run VirtumundoBeGone.exe and follow the instructions. Don't worry if you see a blue screen with a "Fatal Error" message; this is normal.
    4) When the tool has finished, restart the computer.

    It creates a log named VBG.TXT on your desktop; copy and paste its contents into your reply.

    *****************
    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    *************

    Also post the latest HijackThis log
     
    Last edited by a moderator: Mar 9, 2007
  12. numpska

    numpska Member

    Here's some supplementary reading, there you go


    [03/10/2007, 16:46:00] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jussi\Työpöytä\VirtumundoBeGone.exe" )
    [03/10/2007, 16:46:25] - Detected System Information:
    [03/10/2007, 16:46:25] - Windows Version: 5.1.2600,
    [03/10/2007, 16:46:25] - Current Username: Jussi (Admin)
    [03/10/2007, 16:46:25] - Windows is in NORMAL mode.
    [03/10/2007, 16:46:25] - Searching for Browser Helper Objects:
    [03/10/2007, 16:46:25] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [03/10/2007, 16:46:25] - BHO 2: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [03/10/2007, 16:46:25] - BHO 3: {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} ()
    [03/10/2007, 16:46:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/10/2007, 16:46:25] - Checking for HKLM\...\Winlogon\Notify\iifffgf
    [03/10/2007, 16:46:25] - Key not found: HKLM\...\Winlogon\Notify\iifffgf, continuing.
    [03/10/2007, 16:46:25] - BHO 4: {D38439EC-4A7F-42b4-90C2-D810D7778FDD} ()
    [03/10/2007, 16:46:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/10/2007, 16:46:25] - Checking for HKLM\...\Winlogon\Notify\asksikra
    [03/10/2007, 16:46:25] - Key not found: HKLM\...\Winlogon\Notify\asksikra, continuing.
    [03/10/2007, 16:46:25] - Finished Searching Browser Helper Objects
    [03/10/2007, 16:46:25] - Finishing up...
    [03/10/2007, 16:46:25] - Nothing found! Exiting...



    ComboFix 07-03-08 - Running from: "C:\Documents and Settings\Jussi\Työpöytä"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\jkklk.dll


    ((((((((((((((((((((((((((((((( Files Created from 2007-02-09 to 2007-03-09 ))))))))))))))))))))))))))))))))))


    2007-03-09 08:50 <KANSIO> d-------- C:\WINDOWS\pss
    2007-03-09 08:40 <KANSIO> d-------- C:\VundoFix Backups
    2007-03-09 08:17 <KANSIO> d-------- C:\HJT
    2007-03-08 17:57 <KANSIO> d-------- C:\Program Files\Quadro Uneraser 2.5
    2007-03-08 17:42 88,340 --a------ C:\WINDOWS\system32\lgrtsohy.exe
    2007-03-08 17:42 76,412 --a------ C:\WINDOWS\system32\lgvgmpgl.dll
    2007-03-08 17:42 123,412 --a------ C:\WINDOWS\system32\lwtlpprs.dll
    2007-03-08 17:41 282,212 --------- C:\WINDOWS\system32\yayvs.dll
    2007-03-08 17:29 26,685 ---hs---- C:\WINDOWS\system32\iifffgf.dll
    2007-03-08 17:28 0 --a------ C:\rsuowti.exe
    2007-03-08 17:28 0 --a------ C:\qmjxf.exe
    2007-03-08 17:28 0 --a------ C:\hxapa.exe
    2007-03-08 17:28 0 --a------ C:\hoodcou.exe
    2007-03-08 17:28 0 --a------ C:\hgym.exe
    2007-03-08 17:28 0 --a------ C:\efkaievj.exe
    2007-03-08 17:15 <KANSIO> d-------- C:\Program Files\DiskInternals


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-09 09:13 10062 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
    2007-03-09 08:59 -------- d-------- C:\DOCUME~1\Jussi\APPLIC~1\skype
    2007-02-18 14:22 -------- d-------- C:\DOCUME~1\Jussi\APPLIC~1\msn6
    2007-02-15 17:19 -------- d-------- C:\Program Files\google
    2007-02-04 11:42 49016 --a------ C:\WINDOWS\system32\perfc00b.dat
    2007-02-04 11:42 283982 --a------ C:\WINDOWS\system32\perfh00b.dat
    2007-01-28 15:29 -------- d-------- C:\DOCUME~1\Jussi\APPLIC~1\adobeum


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
    "WinampAgent"="E:\\Winamp\\winampa.exe"
    "F-Secure Manager"="\"E:\\ELISA\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"E:\\ELISA\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "F-Secure Startup Wizard"="\"E:\\ELISA\\FSGUI\\FSSW.EXE\" /reboot"
    "News Service"="\"E:\\ELISA\\FSGUI\\ispnews.exe\""
    "QuickTime Task"="\"C:\\QuickTime\\qttask.exe\" -atboottime"
    "Samsung Common SM"="\"C:\\WINDOWS\\Samsung\\ComSMMgr\\ssmmgr.exe\" /autorun"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="MsgPlusLoader.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"
    "{C7CF1142-0785-4B12-A280-B64681E4D45E}"="z"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{CEAB1E45-BB8D-4A85-B356-79028FEE94CE}"=""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Microsoft run manager"="rundll.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "Microsoft run manager"="rundll.exe"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source REG_SZ C:\WINDOWS\warnhp.html

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifffgf
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvs

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0




    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070309-090829-902
    O20 - Winlogon Notify: yayvs - C:\WINDOWS\System32\yayvs.dll
    backup-20070309-090829-349
    O20 - Winlogon Notify: wincji32 - wincji32.dll (file missing)
    backup-20070309-090829-851
    O20 - Winlogon Notify: iifffgf - C:\WINDOWS\SYSTEM32\iifffgf.dll
    backup-20070309-090829-769
    O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
    backup-20070309-090829-448
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\lwtlpprs.dll",setvm
    backup-20070309-090829-451
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvreh.dll,startup
    backup-20070309-090829-924
    O4 - HKLM\..\Run: [syswin] C:\WINDOWS\System32\v6.exe
    backup-20070309-090828-731
    O2 - BHO: (no name) - {E723524C-ECB5-4D94-B717-15A7E9E7514F} - C:\WINDOWS\System32\yayvs.dll
    backup-20070309-090828-784
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\dtshleml.dll (file missing)
    backup-20070309-090828-517
    O2 - BHO: (no name) - {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} - C:\WINDOWS\System32\iifffgf.dll
    backup-20070309-090828-794
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\Scheduled scanning task.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-09 9:25:21




    Logfile of HijackThis v1.99.1
    Scan saved at 18:42, on 07-03-10
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\QuickTime\qttask.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\UltimateZip 2.7\uzqkst.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Explorer.EXE
    C:\HJT\skanneri.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} - C:\WINDOWS\system32\iifffgf.dll (file missing)
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\asksikra.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\dogdbngu.dll",setvm
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: UltimateZip Quick Start.lnk = C:\UltimateZip 2.7\uzqkst.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Tuki - {9C2E957A-B8D8-4B89-8766-EAD776A0B41D} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {B078708C-6366-4D7A-A472-626D76350A78} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {BD1B54E4-7AAC-480E-B74B-61CAC83D00AC} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133198462084
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133198427043
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  13. Auttaja

    Auttaja Guest

    Right, you know, the biggest reason the machine is completely frozen is that it hasn't been updated through Windows Update (Service Pack 2 needs to be installed, and the browser is from the Stone Age too):

    *************
    Fix these lines:

    O2 - BHO: (no name) - {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} - C:\WINDOWS\system32\iifffgf.dll (file missing)
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\asksikra.dll (file missing)
    Unknown
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\dogdbngu.dll",setvm

    Delete these files (= make hidden files visible by opening a folder -> Tools -> View tab -> tick the option to show hidden files and folders)

    C:\WINDOWS\system32\iifffgf.dll
    C:\WINDOWS\System32\asksikra.dll
    C:\WINDOWS\System32\dogdbngu.dll

    If they are found, at least Vundo shouldn't be a problem any more.

    Post a new HJT log.
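
The three lines Auttaja marks for fixing share visible traits: nameless BHOs whose DLL is missing on disk, and a Run value that loads a System32 DLL through rundll32. The Python below is an added example, not part of the thread or of HijackThis; the function name `triage` and the heuristics are assumptions made here, and the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {CEAB1E45-BB8D-4A85-B356-79028FEE94CE} - C:\WINDOWS\system32\iifffgf.dll (file missing)
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\asksikra.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\dogdbngu.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
                 r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\w+)', re.I)

def triage(log_text):
    """Return (line, reasons) for entries that match the review heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body, reasons = m.group("code"), m.group("body"), []
        if code == "O2":  # Browser Helper Objects
            b = BHO.match(body)
            if b and b.group("name") == "(no name)":
                reasons.append("BHO without a display name")
            if b and b.group("missing"):
                reasons.append("registered DLL is missing on disk")
        elif code == "O4":  # autostart entries
            r = RUN.match(body)
            d = RUNDLL.match(r.group("cmd")) if r else None
            if d and "\\system32\\" in d.group("dll").lower():
                reasons.append("Run key loads a System32 DLL through rundll32")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line, "->", "; ".join(reasons))
```

A hit marks an entry for manual review; it is not a verdict that the file is malicious.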
     
  14. Hujo

    Hujo Guest

    Auttaja, clean up the machine first; SP1 onto the machine

    SP1 link

    Then start the cleanup from the beginning
     
    Last edited by a moderator: Mar 10, 2007
  15. Auttaja

    Auttaja Guest

    Hujo, at least post the correct link, thanks.
     
  16. Hujo

    Hujo Guest

    it is exactly the right link

    no SP2 onto the machine until the machine is clean.
     
    Last edited by a moderator: Mar 10, 2007
  17. pkaksp

    pkaksp Moderator Staff Member

    Joined:
    Jan 10, 2005
    Messages:
    12,231
    Likes Received:
    53
    Trophy Points:
    128
  18. Hujo

    Hujo Guest

  19. Auttaja

    Auttaja Guest

    Sigh, your link had the IE SP1 update, which the person already has:
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Whereas SP1 for the whole system is missing. Think!
     
  20. Hujo

    Hujo Guest

    everyone already has Internet Explorer v7.00 and Windows XP SP2

     
