Mitäs poistetaan

make

Logfile of HijackThis v1.99.1
Scan saved at 3:39:36, on 24.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
C:\Program Files\LClock\lclock.exe
C:\PROGRA~1\Lavasoft\AD-AWA~3\Ad-Watch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\autoupdatev2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\LckFldService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aapeli.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aapeli.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\system32\hp495E.tmp
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration789.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Beoplayertray] C:\Program Files\Bang & Olufsen\BeoPlayer\Beotray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~3\Ad-Watch.exe"
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
O4 - Global Startup: BeoPlayer.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Avaa kaikki linkit tältä sivulta... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Etsi - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Korosta - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Lisää mainostenestolistalle - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Muutavalikkoa - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Torju kaikki kuvat samalta palvelimelta - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Tallenna - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Tallenna lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Työkalupalkki - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131299924343
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

9

603

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000
    • Fixaaja

      Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

      O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe

      Hae smitrem täältä -> http://noahdfear.geekstogo.com/click counter/click.php?id=1
      Tallenna työpöydälle ja tuplaklikkaa sitä, jolloin se luo smitRem-kansion työpöydälle

      Käynnistä vikasietotilaan(F8 käynnistyksen yhteydessä).

      Poista tämä:

      C:\WINDOWS\system32\==>autoupdatev2.exe

      • make

        Logfile of HijackThis v1.99.1
        Scan saved at 12:08:02, on 24.11.2005
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\Logitech\MouseWare\system\em_exec.exe
        C:\HP\KBD\KBD.EXE
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        C:\Program Files\LClock\lclock.exe
        C:\PROGRA~1\Lavasoft\AD-AWA~3\Ad-Watch.exe
        C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
        C:\WINDOWS\system32\LckFldService.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\hjt\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aapeli.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aapeli.com/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - Default URLSearchHook is missing
        O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
        O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
        O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
        O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration789.dll
        O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [Beoplayertray] C:\Program Files\Bang & Olufsen\BeoPlayer\Beotray.exe
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
        O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
        O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
        O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~3\Ad-Watch.exe"
        O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
        O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
        O4 - Global Startup: BeoPlayer.lnk = ?
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
        O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
        O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
        O8 - Extra context menu item: Avaa kaikki linkit tältä sivulta... - C:\Program Files\Avant Browser\OpenAllLinks.htm
        O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
        O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
        O8 - Extra context menu item: Etsi - C:\Program Files\Avant Browser\Search.htm
        O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
        O8 - Extra context menu item: Korosta - C:\Program Files\Avant Browser\Highlight.htm
        O8 - Extra context menu item: Lisää mainostenestolistalle - C:\Program Files\Avant Browser\AddToADBlackList.htm
        O8 - Extra context menu item: Muutavalikkoa - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
        O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
        O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
        O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Torju kaikki kuvat samalta palvelimelta - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
        O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
        O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
        O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
        O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
        O9 - Extra button: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
        O9 - Extra 'Tools' menuitem: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
        O9 - Extra button: Tallenna - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
        O9 - Extra 'Tools' menuitem: Tallenna lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
        O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
        O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
        O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
        O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
        O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
        O9 - Extra 'Tools' menuitem: RF Työkalupalkki - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
        O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
        O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
        O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
        O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
        O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131299924343
        O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
        O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
        O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
        O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
        O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        Tässä smitfiles.txt sisältö.

        smitRem © log file
        version 2.7

        by noahdfear

        Microsoft Windows XP [versio 5.1.2600]

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        checking for ShudderLTD key

        ShudderLTD key not present!

        checking for PSGuard.com key

        PSGuard.com key not present!

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Existing Pre-run Files

        ~~~ Program Files ~~~

        ~~~ Shortcuts ~~~

        ~~~ Favorites ~~~

        ~~~ system32 folder ~~~

        ld****.tmp
        ncompat.tlb
        mscornet.exe

        ~~~ Icons in System32 ~~~

        ~~~ Windows directory ~~~

        ~~~ Drive root ~~~

        ~~~ Miscellaneous Files/folders ~~~

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Remaining Post-run Files

        ~~~ Program Files ~~~

        ~~~ Shortcuts ~~~

        ~~~ Favorites ~~~

        ~~~ system32 folder ~~~

        ld****.tmp
        ncompat.tlb
        mscornet.exe

        ~~~ Icons in System32 ~~~

        ~~~ Windows directory ~~~

        ~~~ Drive root ~~~

        ~~~ Miscellaneous Files/folders ~~~

        ~~~ Wininet.dll ~~~

        CLEAN! :)

        Vieläkin YOUR COMPUTER IS INFECTED popuppi hyppii silmille. Ja vähän väliä kone lataa automaattisesti spyaxen työpöydälle.


      • Fixaaja
        make kirjoitti:

        Logfile of HijackThis v1.99.1
        Scan saved at 12:08:02, on 24.11.2005
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\Logitech\MouseWare\system\em_exec.exe
        C:\HP\KBD\KBD.EXE
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        C:\Program Files\LClock\lclock.exe
        C:\PROGRA~1\Lavasoft\AD-AWA~3\Ad-Watch.exe
        C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
        C:\WINDOWS\system32\LckFldService.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\hjt\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aapeli.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aapeli.com/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - Default URLSearchHook is missing
        O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
        O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
        O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
        O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration789.dll
        O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [Beoplayertray] C:\Program Files\Bang & Olufsen\BeoPlayer\Beotray.exe
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
        O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
        O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
        O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~3\Ad-Watch.exe"
        O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
        O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
        O4 - Global Startup: BeoPlayer.lnk = ?
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
        O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
        O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
        O8 - Extra context menu item: Avaa kaikki linkit tältä sivulta... - C:\Program Files\Avant Browser\OpenAllLinks.htm
        O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
        O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
        O8 - Extra context menu item: Etsi - C:\Program Files\Avant Browser\Search.htm
        O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
        O8 - Extra context menu item: Korosta - C:\Program Files\Avant Browser\Highlight.htm
        O8 - Extra context menu item: Lisää mainostenestolistalle - C:\Program Files\Avant Browser\AddToADBlackList.htm
        O8 - Extra context menu item: Muutavalikkoa - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
        O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
        O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
        O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Torju kaikki kuvat samalta palvelimelta - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
        O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
        O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
        O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
        O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
        O9 - Extra button: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
        O9 - Extra 'Tools' menuitem: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
        O9 - Extra button: Tallenna - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
        O9 - Extra 'Tools' menuitem: Tallenna lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
        O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
        O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
        O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
        O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
        O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
        O9 - Extra 'Tools' menuitem: RF Työkalupalkki - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
        O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
        O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
        O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
        O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
        O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131299924343
        O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
        O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
        O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
        O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
        O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        Tässä smitfiles.txt sisältö.

        smitRem © log file
        version 2.7

        by noahdfear

        Microsoft Windows XP [versio 5.1.2600]

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        checking for ShudderLTD key

        ShudderLTD key not present!

        checking for PSGuard.com key

        PSGuard.com key not present!

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Existing Pre-run Files

        ~~~ Program Files ~~~

        ~~~ Shortcuts ~~~

        ~~~ Favorites ~~~

        ~~~ system32 folder ~~~

        ld****.tmp
        ncompat.tlb
        mscornet.exe

        ~~~ Icons in System32 ~~~

        ~~~ Windows directory ~~~

        ~~~ Drive root ~~~

        ~~~ Miscellaneous Files/folders ~~~

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Remaining Post-run Files

        ~~~ Program Files ~~~

        ~~~ Shortcuts ~~~

        ~~~ Favorites ~~~

        ~~~ system32 folder ~~~

        ld****.tmp
        ncompat.tlb
        mscornet.exe

        ~~~ Icons in System32 ~~~

        ~~~ Windows directory ~~~

        ~~~ Drive root ~~~

        ~~~ Miscellaneous Files/folders ~~~

        ~~~ Wininet.dll ~~~

        CLEAN! :)

        Vieläkin YOUR COMPUTER IS INFECTED popuppi hyppii silmille. Ja vähän väliä kone lataa automaattisesti spyaxen työpöydälle.

        Sammuta Ad-watch

        Fixaa:

        O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe

        Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja aja smitrem uudestaan kuten äsken.

        Käynnistä normaalisti.

        Hae SpyAxeFix-> http://noahdfear.geekstogo.com/SpyAxeFix.exe

        Tallenna työpöydälle.
        Sulje kaikki ikkunat ja ohjelmat
        Tuplaklikkaa SpyAxeFix.exe, sitten klikkaa Start, jolloin SpyAxeFix purkaa itsensä omaan hakemistoon.
        Avaa SpyAxeFix-kansion ja tuplaklikkaa SpyAxeFix.bat.

        Tehtäväpalkki häviää, ja kone käynnistyy, kun fixi on valmis.

        Lähetä uusi HjT-loki, c:\smitfiles.txt-tiedoston sisältö ja SpyAxeFix-kansiossa olevien spyaxe.txt ja ST.txt:n sisältö tänne.


      • make
        Fixaaja kirjoitti:

        Sammuta Ad-watch

        Fixaa:

        O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe

        Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä) ja aja smitrem uudestaan kuten äsken.

        Käynnistä normaalisti.

        Hae SpyAxeFix-> http://noahdfear.geekstogo.com/SpyAxeFix.exe

        Tallenna työpöydälle.
        Sulje kaikki ikkunat ja ohjelmat
        Tuplaklikkaa SpyAxeFix.exe, sitten klikkaa Start, jolloin SpyAxeFix purkaa itsensä omaan hakemistoon.
        Avaa SpyAxeFix-kansion ja tuplaklikkaa SpyAxeFix.bat.

        Tehtäväpalkki häviää, ja kone käynnistyy, kun fixi on valmis.

        Lähetä uusi HjT-loki, c:\smitfiles.txt-tiedoston sisältö ja SpyAxeFix-kansiossa olevien spyaxe.txt ja ST.txt:n sisältö tänne.

        Tota spyaxefix.bat:ia kun klikkaa tulee ilmotus WINDOWS EI VOI KÄYTTÄÄ MÄÄRITELTYÄ LAITETTA POLKUA TAI TIEDOSTOA. SINULLA EI EHKÄ OLE TARVITTAVIA KÄYTTÖOIKEUKSIA. Samalla kun sen spyaxefix.bat:in avaa ni avg ilmottaa et on löytyny virus.

        virus detected while opening file: c:\documents and settings\omistaja\työpöytä\spyaxefix\spyaxefix.bat
        virus found BAT/exitwin


      • Fixaaja
        make kirjoitti:

        Tota spyaxefix.bat:ia kun klikkaa tulee ilmotus WINDOWS EI VOI KÄYTTÄÄ MÄÄRITELTYÄ LAITETTA POLKUA TAI TIEDOSTOA. SINULLA EI EHKÄ OLE TARVITTAVIA KÄYTTÖOIKEUKSIA. Samalla kun sen spyaxefix.bat:in avaa ni avg ilmottaa et on löytyny virus.

        virus detected while opening file: c:\documents and settings\omistaja\työpöytä\spyaxefix\spyaxefix.bat
        virus found BAT/exitwin

        Ota nettipiuha pois ja avg pois päältä. Toi ei ole virus, se saan haluaa käynnistää koneen uudelleen, siks avg valittaa, "/exitwin". Jollei noin onnistu, niin yritä tehdä sama fixi vikasietotilassa (avg nettipiuha pois päältä).


      • make
        Fixaaja kirjoitti:

        Ota nettipiuha pois ja avg pois päältä. Toi ei ole virus, se saan haluaa käynnistää koneen uudelleen, siks avg valittaa, "/exitwin". Jollei noin onnistu, niin yritä tehdä sama fixi vikasietotilassa (avg nettipiuha pois päältä).

        Logfile of HijackThis v1.99.1
        Scan saved at 15:55:28, on 24.11.2005
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\AGRSMMSG.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\Program Files\Logitech\MouseWare\system\em_exec.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
        C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
        C:\Program Files\LClock\lclock.exe
        C:\PROGRA~1\Lavasoft\AD-AWA~3\Ad-Watch.exe
        C:\WINDOWS\system32\LckFldService.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\hjt\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aapeli.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aapeli.com/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - Default URLSearchHook is missing
        O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
        O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
        O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
        O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration789.dll
        O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [Beoplayertray] C:\Program Files\Bang & Olufsen\BeoPlayer\Beotray.exe
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
        O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
        O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
        O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~3\Ad-Watch.exe"
        O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
        O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
        O4 - Global Startup: BeoPlayer.lnk = ?
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
        O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
        O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
        O8 - Extra context menu item: Avaa kaikki linkit tältä sivulta... - C:\Program Files\Avant Browser\OpenAllLinks.htm
        O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
        O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
        O8 - Extra context menu item: Etsi - C:\Program Files\Avant Browser\Search.htm
        O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
        O8 - Extra context menu item: Korosta - C:\Program Files\Avant Browser\Highlight.htm
        O8 - Extra context menu item: Lisää mainostenestolistalle - C:\Program Files\Avant Browser\AddToADBlackList.htm
        O8 - Extra context menu item: Muutavalikkoa - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
        O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
        O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
        O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Torju kaikki kuvat samalta palvelimelta - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
        O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
        O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
        O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
        O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
        O9 - Extra button: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
        O9 - Extra 'Tools' menuitem: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
        O9 - Extra button: Tallenna - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
        O9 - Extra 'Tools' menuitem: Tallenna lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
        O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
        O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
        O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
        O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
        O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
        O9 - Extra 'Tools' menuitem: RF Työkalupalkki - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
        O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
        O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
        O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
        O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
        O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pestpatrol.com/pestscan/pestscan.cab
        O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131299924343
        O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
        O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
        O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
        O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
        O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        smitRem © log file
        version 2.7

        by noahdfear

        Microsoft Windows XP [versio 5.1.2600]

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        checking for ShudderLTD key

        ShudderLTD key not present!

        checking for PSGuard.com key

        PSGuard.com key not present!

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Existing Pre-run Files

        ~~~ Program Files ~~~

        ~~~ Shortcuts ~~~

        ~~~ Favorites ~~~

        ~~~ system32 folder ~~~

        ~~~ Icons in System32 ~~~

        ~~~ Windows directory ~~~

        ~~~ Drive root ~~~

        ~~~ Miscellaneous Files/folders ~~~

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Remaining Post-run Files

        ~~~ Program Files ~~~

        ~~~ Shortcuts ~~~

        ~~~ Favorites ~~~

        ~~~ system32 folder ~~~

        ~~~ Icons in System32 ~~~

        ~~~ Windows directory ~~~

        ~~~ Drive root ~~~

        ~~~ Miscellaneous Files/folders ~~~

        ~~~ Wininet.dll ~~~

        CLEAN! :)

        SpyAxeFix © by noahdfear

        Microsoft Windows XP [versio 5.1.2600]

        Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
        Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
        Killing PID 1348 'explorer.exe'
        Killing PID 1348 'explorer.exe'

        Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
        Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
        Error, Cannot find a process with an image name of rundll32.exe

        REGEDIT4

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
        "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
        "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

        Tota ST.txt:tä ei näkyny ja lisäks tää on ja pysyy
        O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe


      • Fixaaja
        make kirjoitti:

        Logfile of HijackThis v1.99.1
        Scan saved at 15:55:28, on 24.11.2005
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\AGRSMMSG.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\Program Files\Logitech\MouseWare\system\em_exec.exe
        C:\HP\KBD\KBD.EXE
        C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
        C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
        C:\Program Files\LClock\lclock.exe
        C:\PROGRA~1\Lavasoft\AD-AWA~3\Ad-Watch.exe
        C:\WINDOWS\system32\LckFldService.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\hjt\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aapeli.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aapeli.com/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - Default URLSearchHook is missing
        O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
        O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
        O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
        O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration789.dll
        O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
        O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [Beoplayertray] C:\Program Files\Bang & Olufsen\BeoPlayer\Beotray.exe
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
        O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
        O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
        O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~3\Ad-Watch.exe"
        O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
        O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
        O4 - Global Startup: BeoPlayer.lnk = ?
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
        O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
        O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
        O8 - Extra context menu item: Avaa kaikki linkit tältä sivulta... - C:\Program Files\Avant Browser\OpenAllLinks.htm
        O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
        O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
        O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
        O8 - Extra context menu item: Etsi - C:\Program Files\Avant Browser\Search.htm
        O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
        O8 - Extra context menu item: Korosta - C:\Program Files\Avant Browser\Highlight.htm
        O8 - Extra context menu item: Lisää mainostenestolistalle - C:\Program Files\Avant Browser\AddToADBlackList.htm
        O8 - Extra context menu item: Muutavalikkoa - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
        O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
        O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
        O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Torju kaikki kuvat samalta palvelimelta - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
        O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
        O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
        O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
        O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
        O9 - Extra button: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
        O9 - Extra 'Tools' menuitem: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
        O9 - Extra button: Tallenna - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
        O9 - Extra 'Tools' menuitem: Tallenna lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
        O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
        O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
        O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
        O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
        O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
        O9 - Extra 'Tools' menuitem: RF Työkalupalkki - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
        O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
        O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
        O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
        O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
        O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
        O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pestpatrol.com/pestscan/pestscan.cab
        O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131299924343
        O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
        O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
        O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
        O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
        O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        smitRem © log file
        version 2.7

        by noahdfear

        Microsoft Windows XP [versio 5.1.2600]

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        checking for ShudderLTD key

        ShudderLTD key not present!

        checking for PSGuard.com key

        PSGuard.com key not present!

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Existing Pre-run Files

        ~~~ Program Files ~~~

        ~~~ Shortcuts ~~~

        ~~~ Favorites ~~~

        ~~~ system32 folder ~~~

        ~~~ Icons in System32 ~~~

        ~~~ Windows directory ~~~

        ~~~ Drive root ~~~

        ~~~ Miscellaneous Files/folders ~~~

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Remaining Post-run Files

        ~~~ Program Files ~~~

        ~~~ Shortcuts ~~~

        ~~~ Favorites ~~~

        ~~~ system32 folder ~~~

        ~~~ Icons in System32 ~~~

        ~~~ Windows directory ~~~

        ~~~ Drive root ~~~

        ~~~ Miscellaneous Files/folders ~~~

        ~~~ Wininet.dll ~~~

        CLEAN! :)

        SpyAxeFix © by noahdfear

        Microsoft Windows XP [versio 5.1.2600]

        Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
        Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
        Killing PID 1348 'explorer.exe'
        Killing PID 1348 'explorer.exe'

        Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
        Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
        Error, Cannot find a process with an image name of rundll32.exe

        REGEDIT4

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
        "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
        "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

        Tota ST.txt:tä ei näkyny ja lisäks tää on ja pysyy
        O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe

        Onko vielä sen SpyAxen kanssa ongelmia?

        Tää rivi ei lähde sen Ad-watchin takia.

        O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe

        Jos haluat sen pois, niin yritä fixata se vikasiedossa. Ei ole pakko, tiedosto on kuitenkin pois.


      • make
        Fixaaja kirjoitti:

        Onko vielä sen SpyAxen kanssa ongelmia?

        Tää rivi ei lähde sen Ad-watchin takia.

        O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe

        Jos haluat sen pois, niin yritä fixata se vikasiedossa. Ei ole pakko, tiedosto on kuitenkin pois.

        eikä popupit hypi silmille ja muutenkin kaikki näyttäis olevan ok.

        ISO KIITOS sulle kun jaksat jelppiä.


      • Fixaaja
        make kirjoitti:

        eikä popupit hypi silmille ja muutenkin kaikki näyttäis olevan ok.

        ISO KIITOS sulle kun jaksat jelppiä.

        Kiitosta on aina mukava saada :)


    Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

    Luetuimmat keskustelut

    1. Stefu LOISTAVAA!

      Ilmeisesti joku vedonlyönti tms, selvinpäin-elämästä👍👍👍 ilmankos ei ole Sofiaa näkynyt. Miten tän parin nyt käy, kun viimi ei maksettuna enää virta
      Kotimaiset julkkisjuorut
      134
      2024
    2. Msisa on eronnut

      Mies ei kestänyt jatkuvia syrjähyppyjä eikä totuutta Turun yöstä.
      Kotimaiset julkkisjuorut
      29
      1082
    3. Missä sinuun mies voisi

      näin pääsiäisenä vahingossa törmätä? Ei ilmeisesti missään?
      Ikävä
      69
      883
    4. Venäläisiä keksintöjä?

      Kun tässä nyt yritän miettiä venäläisiä keksintöjä, niin ei äkkiseltään tule oikein yhtään mieleen. Onko niitä edes?
      Maailman menoa
      262
      770
    5. Tiedän että on aika luovuttaa

      En vaan osaa. Liian kauan toivonut jotain, mikä ei koskaan tule toteutumaan. Olo ei ole mitenkään hyvä, mutta itken vähemmän kuin silloin kun sinuun r
      Ikävä
      65
      760
    6. Raviskalla tappo?

      Huhuja liikkuu et raviskalla ois joku laitettu kylymäksi?
      Oulainen
      14
      744
    7. Sun mies on mun

      Sinun mies on yksin minun ja sinä et voi sille mitään.
      Ikävä
      83
      693
    8. Katumuksesta

      Pitkäperjantaina eräässä seurueessa puhuttiin katumisesta ja mitä itse kukin katuu. Yleisintä tuntui olevan pahasti sanominen jollekin läheiselle ja t
      Sinkut
      132
      687
    9. Sisällissota kiihtyy Ruotsissa

      KaupunkiTaistelut koraanin puolesta kiihtyneet Linköpingissä ja Malmössä. Ruotsin poliisi joutunut vetäytymään suojiin. Päätän raporttini Ruotsista.
      Maailman menoa
      213
      679
    10. Et arvaa nainen, miten ikävä mulla on sinua.

      Sinua ei voi unohtaa. Pusu sulle musulle!
      Ikävä
      26
      673
    Aihe