Voisiko joku tarkistaa nämä logit,Kiitos.

Logfile of HijackThis v1.99.1
Scan saved at 14:46:16, on 15.6.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Documents and Settings\Jaffa\Start Menu\Programs\Startup\Adobe Gamma Loader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sygate.com/free/spf_upg_download.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma Loader.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121702086375
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\l46o0ej3eho.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

ja sitten vielä toi spybot:

Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService


--- Spybot - Search && Destroy version: 1.3 ---
2006-03-10 Includes\Cookies.sbi
2006-03-10 Includes\Dialer.sbi
2006-03-10 Includes\Hijackers.sbi
2006-03-10 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2006-03-10 Includes\Malware.sbi
2006-03-10 Includes\PUPS.sbi
2006-03-10 Includes\Revision.sbi
2006-03-10 Includes\Security.sbi
2006-03-10 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2006-03-10 Includes\Trojans.sbi

Kiitoksia etukäteen.

 

Lataa http://www.atribune.org/ccount/click.php?id=7 Look2Me-Destroyer.exe työpöydällesi.

TÄRKEÄÄ: Ennen fixin jatkamista, sinun täytyy tehdä seuraavat:


* Tulosta tämä, tai tallenna tekstitiedostona sopivaan sijaintiin.
* Klikkaa käynnistä -> Suorita ja kirjoita: services.msc
* Klikkaa OK.
* Tarkista että tämä palvelu on käynnissä tai sen käynnistymistapa on automaattinen:
* Toissijainen kirjautuminen
* Seuraavaksi tietokoneesi on oltava offlinessa, vedä nettipiuha seinästä jos tarpeen.
* Virustorjuntasi, ja kaikkien muiden turvaohjelmistojen TÄYTYY olla suljettuja.
[*]Sulje kaikki ikkunat ennen jatkamista.
[*]Tuplaklikkaa Look2Me-Destroyer.exe ajaaksesi ohjelman.
[*]Rastita Run this program as a task.
[*]Saat viestin joka sanoo; "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Klikkaa OK
[*]Kun Look2Me-Destroyer uudelleen avautuu, klikkaa Scan for L2M-valintaa, työpöytäsi pikakuvakkeet katoavat hetkeksi, tämä on normaalia.
[*]Kun skannaus on valmis, klikkaa Remove L2M-valintaa.
[*]Saat Done Scanning viestin, klikkaa OK.
[*]Kun valmis, saat tämän viestin: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, klikkaa OK.
[*]Tietokoneesi sammuttaa itsensä.
[*]Käynnistä koneesi uudelleen.
[*]Postita C:\Look2Me-Destroyer.txt tiedoston sisältö uuden HijackThis login kera postiisi.
Jos palomuurisi varoittaa nettiyhteyksistä tähän ohjelmaan - salli ne.

Jos saat runtime error '339', lataa MSWINSCK.OCX seuraavasta linkistä ja sijoita se C:\Windows\System32 kansioosi.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Koeta uudelleen.

 

Do diin.Tältä nämä nyt näyttävät.Kiitoksia nopeasta avusta.

Logfile of HijackThis v1.99.1
Scan saved at 15:24:33, on 15.6.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Jaffa\Start Menu\Programs\Startup\Adobe Gamma Loader.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sygate.com/free/spf_upg_download.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma Loader.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121702086375
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Ja sit tämä toinen:


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 15.6.2006 15:20:04

Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066298.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066299.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066300.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066301.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066302.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066303.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066304.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066305.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066306.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066307.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066308.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066309.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066310.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066311.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066312.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066313.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066314.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066315.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066316.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066317.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066318.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066319.dll
Infected! C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066320.dll

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066298.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066298.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066299.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066299.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066300.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066300.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066301.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066301.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066302.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066302.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066303.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066303.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066304.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066304.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066305.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066305.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066306.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066306.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066307.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066307.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066308.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066308.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066309.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066309.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066310.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066310.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066311.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066311.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066312.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066312.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066313.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066313.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066314.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066314.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066315.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066315.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066316.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066316.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066317.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066317.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066318.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066318.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066319.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066319.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066320.dll
C:\System Volume Information\_restore{975C1542-FE2F-4B98-9089-735F3CB33798}\RP364\A0066320.dll Deleted successfully!

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

Cardhu kumartaa nöyrästi kaikesta avusta.

 

Jatketaan

Lataa delcmdservice työpöydälle.
http://users.telenet.be/marcvn/tools/delcmdservice.zip

[*] Pura sisältö työpöydälle (kansio nimeltä delcmdservice)
[*] Avaa delcmdservice-kansio
[*] Tuplaklikkaa delreg.bat
[*] Kun työkalu on valmis, käynnistä kone uudestaan.

Skannaa uudelleen Spybotilla ja kerro löytääkö vielä cmdservicen?

 

Terve.

Spybot ei löytänyt mitään.Kiitoksia avusta,Kemisti ja hyvää päivänjatkoa

T:newbie

 

Äläs nyt vielä mee mihinkään

Päivitä Windows (service pack 2) ja katso tuolta sopiva ilmainen virustorjunta ->
http://keskustelu.afterdawn.com/thread_view.cfm/162275

 

Widows päivitetty(sp2) ja antiwir pyörii.Tossa nyt on vielä varmuuden vuoksi logi:

Logfile of HijackThis v1.99.1
Scan saved at 16:17:52, on 15.6.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Jaffa\Start Menu\Programs\Startup\Adobe Gamma Loader.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sygate.com/free/spf_upg_download.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma Loader.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121702086375
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

 

Antivir pyörii, mutta windows ei näytä olevan päivitetty

 

Hmmm....just otin kaikki päivitykset updatesta.....kumma juttu.No pääasia et sonta on pois koneelta.Kiitos kemisti.

 

Kokeilepa hakea täältä sp2 -> http://www.microsoft.com/downloads/...BE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=fi
ja asenna se.

 

Terve.

Laitoin Auto päivityksen päälle.En jaksa naputella tätä konetta tänään enää.Mitä me kämmikourat tekisimmekään ilman sinua,Kemisti =)

 

Ole hyvä

 

Terve Kemisti

Tällainen tyhmä kysykys kun tuo ad-aware ei löydä mitään ihmellistä mutta lopuksi se heitää jonkun mru listan ruudulle.....poistin ne kaikki mutta päivän välein sieltä tulee sama homma....joku microsoftin vakoilu systeemi,vai???

Kiitos etukäteen.Olet gurujen guru

 

Mru = most recently used, viimeksi käytetyt tiedostot yms..

Noista ei kannata välittää

 

Terve Kemisti.

Kaverilla on kone myös ihan sekaisin ja ajattelin että jos sulla olisi aikaa kurkata hänenkin hjt logi?

Logfile of HijackThis v1.99.1
Scan saved at 17:14:41, on 7.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Hjt\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoTray] O:\Program Files\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = O:\Program Files\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://O:\PROGRA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hyvää kesää joka tapauksessa.

 

Ilta päivää. sen verran osaan (kai) auttaa että nuo voi ainaki fixata

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

 

...Paitsi että noita kahta alinta ei fixata File missing tuossa on HjT:n bugi, tiedosto on olemassa.

 

Kiitos taas kerran,kemisti.