Mitä näille pitää/voi tehdä?

Jake

2004-10-10 19:34:06

Fsecuren online scan löysi nämä:

C:\Documents and Settings\Anki\Local Settings\Temp\ICD2.tmp\f3Setup1.exe TrojanDropper.Win32.FunWeb.a

C:\Documents and Settings\Lauri\Local Settings\Temporary Internet Files\Content.IE5\0PEJCPEZ\CAYZCH2B.html

TrojanDownloader.Java.FlingStone

C:\Program Files\Internet Explorer\iexplorer.exe Backdoor.Padodor.ac

C:\WINDOWS\system32\Iejdpham.exe Backdoor.Padodor.ac

Ja Hijackthis nämä:

Logfile of HijackThis v1.98.2
Scan saved at 19:29:51, on 10.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854004.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fi/win/QuickTimeFullInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60813648-EA28-4106-8D2F-5D2E303FF586}: NameServer = 212.50.131.153 213.139.190.3
O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-316290C5B738} - C:\WINDOWS\System32\Cflncjnn.dll (file missing)

687

Äänestä

Vastaukset

Juu
2004-10-10 19:51:32
Lue ensin tuolta TärkeäInfo kohta ja ota sieltä ne mainitut palikat.

Sitte poista Lisää/Poista paneelista tämä

New.Net tai NewDotNet

Käynnistä sitte kone uudestaan ja pistä uus Hijack logi tänne.
- juggis
  2004-10-10 20:06:35
  jäi puuttumaan.:
  http://koti.mbnet.fi/pattaya1/adaware.htm#INFO
- Juu
  2004-10-10 20:08:32
  juggis kirjoitti:
  jäi puuttumaan.:
  http://koti.mbnet.fi/pattaya1/adaware.htm#INFO
  No niimpä tosiaan,hyvä ku huomasit.
- Jake
  2004-10-10 21:34:14
  Juu kirjoitti:
  No niimpä tosiaan,hyvä ku huomasit.
  Logfile of HijackThis v1.98.2
  Scan saved at 21:30:44, on 10.10.2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\NavNT\vptray.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\Program Files\Web_Rebates\WebRebates0.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
  C:\Program Files\Microsoft Office\Office\OSA.EXE
  C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
  C:\Program Files\Web_Rebates\WebRebates1.exe
  C:\WINDOWS\System32\drivers\CDAC11BA.EXE
  C:\Program Files\NavNT\defwatch.exe
  C:\Program Files\NavNT\rtvscan.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\MsgSys.EXE
  C:\WINDOWS\system32\wscntfy.exe
  C:\HJT\HijackThis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
  O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
  O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
  O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
  O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
  O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
  O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
  O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
  O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
  O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
  O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854004.cab
  O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
  O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fi/win/QuickTimeFullInstaller.exe
  O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
  O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-316290C5B738} - C:\WINDOWS\System32\Cflncjnn.dll (file missing)
- juggis
  2004-10-10 22:03:12
  Jake kirjoitti:
  Logfile of HijackThis v1.98.2
  Scan saved at 21:30:44, on 10.10.2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\NavNT\vptray.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\Program Files\Web_Rebates\WebRebates0.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
  C:\Program Files\Microsoft Office\Office\OSA.EXE
  C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
  C:\Program Files\Web_Rebates\WebRebates1.exe
  C:\WINDOWS\System32\drivers\CDAC11BA.EXE
  C:\Program Files\NavNT\defwatch.exe
  C:\Program Files\NavNT\rtvscan.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\MsgSys.EXE
  C:\WINDOWS\system32\wscntfy.exe
  C:\HJT\HijackThis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
  O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
  O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
  O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
  O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
  O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
  O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
  O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
  O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
  O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
  O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854004.cab
  O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
  O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fi/win/QuickTimeFullInstaller.exe
  O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
  O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-316290C5B738} - C:\WINDOWS\System32\Cflncjnn.dll (file missing)
  Poista ensin ohjauspaneelin Lisää/poista sovelluksen kautta seuraavat jo löytyy:
  
  Web_Rebates
  QuickSearch
  GMT
  MyWebSearch
  
  Laita piilotiedostot näkyviin, ohje:
  http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
  
  Ruksaa seuraavat:
  
  O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
  O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
  O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
  O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
  O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
  O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
  O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854004.cab
  O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-316290C5B738} - C:\WINDOWS\System32\Cflncjnn.dll (file missing)
  
  Sammuta muut ohjelmat paitsi HJT ja paina "fix checked" HJT:ssä.
  
  Käynnistä kone vikasietotilaan ja etsi ja poista jos löytyy seuraavat tiedostot ja hakemistot:
  
  C:\Program Files\MyWebSearch
  C:\Program Files\QuickSearch
  C:\Program Files\Web_Rebates
  C:\Program Files\Common Files\GMT
  
  Käynnistä kone normaalitilaan ja lähetä uusi logi
- Jake
  2004-10-10 23:19:55
  juggis kirjoitti:
  Poista ensin ohjauspaneelin Lisää/poista sovelluksen kautta seuraavat jo löytyy:
  
  Web_Rebates
  QuickSearch
  GMT
  MyWebSearch
  
  Laita piilotiedostot näkyviin, ohje:
  http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
  
  Ruksaa seuraavat:
  
  O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
  O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
  O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
  O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
  O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
  O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
  O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185
  O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
  O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854004.cab
  O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-316290C5B738} - C:\WINDOWS\System32\Cflncjnn.dll (file missing)
  
  Sammuta muut ohjelmat paitsi HJT ja paina "fix checked" HJT:ssä.
  
  Käynnistä kone vikasietotilaan ja etsi ja poista jos löytyy seuraavat tiedostot ja hakemistot:
  
  C:\Program Files\MyWebSearch
  C:\Program Files\QuickSearch
  C:\Program Files\Web_Rebates
  C:\Program Files\Common Files\GMT
  
  Käynnistä kone normaalitilaan ja lähetä uusi logi
  Logfile of HijackThis v1.98.2
  Scan saved at 23:17:50, on 10.10.2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\NavNT\vptray.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
  C:\Program Files\Microsoft Office\Office\OSA.EXE
  C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
  C:\WINDOWS\System32\drivers\CDAC11BA.EXE
  C:\Program Files\NavNT\defwatch.exe
  C:\Program Files\NavNT\rtvscan.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\MsgSys.EXE
  C:\WINDOWS\system32\wscntfy.exe
  C:\HJT\HijackThis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
  O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
  O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
  O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
  O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
  O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fi/win/QuickTimeFullInstaller.exe
  O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
- juggis
  2004-10-11 19:12:30
  Jake kirjoitti:
  Logfile of HijackThis v1.98.2
  Scan saved at 23:17:50, on 10.10.2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\NavNT\vptray.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
  C:\Program Files\Microsoft Office\Office\OSA.EXE
  C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
  C:\WINDOWS\System32\drivers\CDAC11BA.EXE
  C:\Program Files\NavNT\defwatch.exe
  C:\Program Files\NavNT\rtvscan.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\MsgSys.EXE
  C:\WINDOWS\system32\wscntfy.exe
  C:\HJT\HijackThis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
  O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
  O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
  O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
  O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
  O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fi/win/QuickTimeFullInstaller.exe
  O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
  Tämä jäi multa eilen huomaamatta:
  Poista lisääpoita sovelluksen kautta jos löytyy
  CMEII
  Ruksaa:
  
  O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
  
  Käynnistä kone vikasietotilaan ja etsi ja poista jos löytyy hakemisto:
  
  C:\Program Files\Common Files\CMEII
  
  Lähetä vielä uusi logi, niin saadaan varmuus koneesi puhtaudesta.
- Jake
  2004-10-11 21:29:30
  juggis kirjoitti:
  Tämä jäi multa eilen huomaamatta:
  Poista lisääpoita sovelluksen kautta jos löytyy
  CMEII
  Ruksaa:
  
  O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
  
  Käynnistä kone vikasietotilaan ja etsi ja poista jos löytyy hakemisto:
  
  C:\Program Files\Common Files\CMEII
  
  Lähetä vielä uusi logi, niin saadaan varmuus koneesi puhtaudesta.
  Ajoin ennen viimeisintä ohjetta SpyBotin ja Spyware Doctorin ja niissä
  ilmeisesti oli jo häipynyt se CMEII,
  koska tästä sitä ei löydy.
  Vieläkö joku pistää silmään?
  
  Logfile of HijackThis v1.98.2
  Scan saved at 21:22:28, on 11.10.2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\drivers\CDAC11BA.EXE
  C:\Program Files\NavNT\defwatch.exe
  C:\Program Files\NavNT\rtvscan.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\MsgSys.EXE
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\NavNT\vptray.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
  C:\Program Files\Microsoft Office\Office\OSA.EXE
  C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\HJT\HijackThis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
  O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
  O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
  O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
  O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
  O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fi/win/QuickTimeFullInstaller.exe
  O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
- juggis
  2004-10-11 21:53:04
  Jake kirjoitti:
  Ajoin ennen viimeisintä ohjetta SpyBotin ja Spyware Doctorin ja niissä
  ilmeisesti oli jo häipynyt se CMEII,
  koska tästä sitä ei löydy.
  Vieläkö joku pistää silmään?
  
  Logfile of HijackThis v1.98.2
  Scan saved at 21:22:28, on 11.10.2004
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\drivers\CDAC11BA.EXE
  C:\Program Files\NavNT\defwatch.exe
  C:\Program Files\NavNT\rtvscan.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\MsgSys.EXE
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\wscntfy.exe
  C:\Program Files\NavNT\vptray.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
  C:\Program Files\Microsoft Office\Office\OSA.EXE
  C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\HJT\HijackThis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
  O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
  O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
  O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
  O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
  O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fi/win/QuickTimeFullInstaller.exe
  O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
  tarttunut enää mitään silmääni, puhtaalta näyttää.
  
  Sitten nämä:
  C:\Documents and Settings\Anki\Local Settings\Temp\ICD2.tmp\f3Setup1.exe TrojanDropper.Win32.FunWeb.a
  
  C:\Documents and Settings\Lauri\Local Settings\Temporary Internet Files\Content.IE5\0PEJCPEZ\CAYZCH2B.html
  
  TrojanDownloader.Java.FlingStone
  
  C:\Program Files\Internet Explorer\iexplorer.exe Backdoor.Padodor.ac
  
  C:\WINDOWS\system32\Iejdpham.exe Backdoor.Padodor.ac
  
  Tyhjennä C:\Documents and Settings\Lauri\Local Settings\Temporary Internet Files -hakemisto IE:n "työkalut" "internet asetukset" "Poista evästeet" "poista tiedostot" ja "kyllä" kysymykseen poistetaanko myös väliaikaistiedostot" ok
  
  Kaksi ekaa katos, jos olivat vielä olemassa.
  
  C:\WINDOWS\system32\Iejdpham.exe Backdoor.Padodor.ac
  Tätä ei näkynyt HJT-logissa. Koita etsiä sitä vikasietotilassa ko. hakemistosta. Poista jos löytyy.
  
  Tuo onkin hänkalampi juttu: C:\Program Files\Internet Explorer\iexplorer.exe Backdoor.Padodor.ac
  
  Koita scannata tuo tiedosto tällä:
  
  http://virusscan.jotti.dhs.org/
  
  Kerro vastaukset.

Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

Takaisin ylös

Luetuimmat keskustelut

Räppäri kuoli vankilassa
Ei kuulemma ole tapahtunut rikosta. Sama vahinkohan kävi Epsteinille. https://www.hs.fi/suomi/art-2000011840869.html "
24.02.2026 15:35Maailman menoa
101
4507
Välillä kyllä tuntuu, että jaat vihjeitä
Mutta miten niistä voi olla ollenkaan varma? Ja minä saan niistä kimmokkeen luulemaan yhtä sun toista. Eli mitä ajatella
24.02.2026 21:18Ikävä
29
3343
No kyllä te luuserit voitte tehdä mitä vaan keskenänne, sitä en ymmärrä miksi pelaat,nainen
Pisteesi silmissäni, edes ystävätasolla tippui jo tuhannella, kun sain selville pelailusi, olet toisen kanssa, vaikka ol
25.02.2026 01:01Ikävä
45
2370
Missä näitte viimeksi?
Missä näit kaivattua viimeksi ja oliko sähköä ilmassa?
25.02.2026 16:27Ikävä
36
1388
Minulla on käsitys
Ettet ole kovin se k s uaalinen ihminen.
26.02.2026 00:49Ikävä
34
1183
Harmittaako sinua yhtään?
Tuntuuko pahalta ollenkaan?
26.02.2026 02:54Ikävä
37
1116
Puukotus yöllä
Oli kaveri hermostunut ja antanut puukosta.
25.02.2026 07:00Sotkamo
13
1064
Mitä sun kaltainen ihminen tekee tämmöisessä paikassa?
Et kuulu tänne?
24.02.2026 22:12Ikävä
158
1007
rakas J siellä jossain
Niin ikävä sua. -P. Nainen
25.02.2026 19:14Ikävä
6
934
Masan touhut etenee
Punatiilitalon tietotoimiston mukaan Masa on saanut viimein myytyä kämppänsä ja kaavoittaa uudelle lukaalille tonttia pa
25.02.2026 07:46Äänekoski
12
872

Mitä näille pitää/voi tehdä?

Vastaukset

juggis kirjoitti:

Juu kirjoitti:

Jake kirjoitti:

juggis kirjoitti:

Jake kirjoitti:

juggis kirjoitti:

Jake kirjoitti:

Luetuimmat keskustelut

Räppäri kuoli vankilassa

Välillä kyllä tuntuu, että jaat vihjeitä

No kyllä te luuserit voitte tehdä mitä vaan keskenänne, sitä en ymmärrä miksi pelaat,nainen

Missä näitte viimeksi?

Minulla on käsitys

Harmittaako sinua yhtään?

Puukotus yöllä

Mitä sun kaltainen ihminen tekee tämmöisessä paikassa?

rakas J siellä jossain

Masan touhut etenee

300 000 työtöntä taistelee 30 000 työpaikasta

Erikoisjoukot: Törkeästi kohdeltu Joona Puhakka tilittää kouluttajien huonosta käytöksestä

MTV: Lola Odusoga avoimena Salatut elämät -sarjasta

Jauhelihan hinta nousi rajusti

Narsistiset vanhemmat

Onko teidän töissä enää yli 60-vuotiaita töissä?

Kiinnostaako Petolliset? Uudella kaudella radikaali muutos, muttei kaikille katsojille...

81-vuotias Frederik avoimena - Ei omasta mielestä kelpaa tästä syystä realityihin: "Veemäinen..."

Tanskan malli perustuu korkeaan ansioturvaan

Kiinnostaako Iholla-reality? Katsotko?