hjk log
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Topi\Työpöytä\HijackThis.exe
C:\Program Files\Cheating-Death\cdeath.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - C:\WINDOWS\system32\nkmhlcjp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ewido
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
Created on: 10:31:02, 5.12.2005
Report-Checksum: 7AD2DB24
Scan result:
[232] C:\WINDOWS\system32\nkmhlcjp.dll -> Proxy.Wopla.m : Error during cleaning
:mozilla.8:C:\Documents and Settings\Harri\Application Data\Mozilla\Firefox\Profiles\ud93e626.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Harri\Application Data\Mozilla\Firefox\Profiles\ud93e626.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Harri\Cookies\harri@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Harri\Cookies\harri@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Harri\Cookies\harri@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Harri\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harri\Cookies\harri@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harri\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Fuck-access : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Topi\Application Data\Mozilla\Firefox\Profiles\lofwkazx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Topi\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-451cae74-4d6625d3.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Topi\Cookies\topi@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Topi\Local Settings\Temporary Internet Files\Content.IE5\69KFMXY1\kl[1].txt -> Downloader.Small.byf : Cleaned with backup
C:\Documents and Settings\Topi\Local Settings\Temporary Internet Files\Content.IE5\G5W7CN8J\tool3[1].txt -> Downloader.Small.bwr : Cleaned with backup
C:\Documents and Settings\Topi\Local Settings\Temporary Internet Files\Content.IE5\RYO7VDW5\hosts[1].txt -> Trojan.Qhost.el : Cleaned with backup
C:\Documents and Settings\Topi\Local Settings\Temporary Internet Files\Content.IE5\RYO7VDW5\toolbar[1].txt -> Downloader.VB.qr : Cleaned with backup
C:\Documents and Settings\Topi\Local Settings\Temporary Internet Files\Content.IE5\W9GDY3KH\ms1[1].txt -> Downloader.Small.buh : Cleaned with backup
C:\Documents and Settings\Topi\Local Settings\Temporary Internet Files\Content.IE5\W9GDY3KH\tool1[1].txt -> Dropper.Agent.abu : Cleaned with backup
C:\Program Files\WinRAR\Uninstall.exe -> Backdoor.PoeBot.e : Cleaned with backup
C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__nkmhlcjp.dll -> Proxy.Wopla.m : Cleaned with backup
reply to the previous one
Replies
- Fixaaja
You could have replied in that same thread ;)
Did you run a "complete system scan" with ewido?
If not, do it now.
Fix this:
O21 - SSODL: SysTray.Exiv - {2963ECFC-4E5C-2f3b-B334-D67434FC72E0} - C:\WINDOWS\system32\nkmhlcjp.dll (file missing)
Get hoster ->
http://www.funkytoad.com/download/hoster.zip
Extract the zip and double-click hoster.exe
Press "Restore original hosts" and OK.
Make hidden files visible, instructions ->
http://keskustelu.afterdawn.com/thread_view.cfm/248944
See whether you can find this ->
C:\WINDOWS\system32\paytime.exe
If so, delete it in safe mode (F8 during startup).
Reboot and post a new HjT log (and the ewido report, if you did not run a "complete system scan").
- :D:D
fine by me