APUVA!

v***u

Logfile of HijackThis v1.99.1
Scan saved at 21:36:05, on 10.12.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
E:\Ohjelmat\security suite\ewidoctrl.exe
E:\Ohjelmat\security suite\ewidoguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\ajurit\SIDEWI~1\common\swtrayv4.exe
C:\WINDOWS\System32\MMTray.exe
H:\ohjelmat\quicktime\qttask.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\MMTray2k.exe
H:\Ohjelmat\Antivirus\AVGNT.EXE
H:\Ohjelmat\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
H:\ajurit\HiiriSofta\MouseWare\system\em_exec.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
G:\PcSuite\ECTaskScheduler.exe
G:\PcSuite\ConnectState.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpoevm08.exe
g:\PcSuite\BROADC~1.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\Bin\hpoSTS08.exe
E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Ohjelmat\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] h:\ajurit\SIDEWI~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\ohjelmat\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [AVGCtrl] "H:\Ohjelmat\Antivirus\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Zone Labs Client] H:\Ohjelmat\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = H:\Ohjelmat\Office\Office10\OSA.EXE
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille -ohjelman Tehtäväaikataulu.lnk = G:\PcSuite\ECTaskScheduler.exe
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille.lnk = G:\PcSuite\ConnectState.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\Ohjelmat\Office\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - E:\Ohjelmat\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Ohjelmat\security suite\ewidoguard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

Created on: 21:32:07, 10.12.2005
Report-Checksum: DE08A9DA

Scan result:

C:\Documents and Settings\Jari\Cookies\jari@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Jari\Cookies\jari@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jari\Cookies\jari@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jari\Cookies\jari@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\RECYCLER\S-1-5-21-1409082233-884357618-682003330-1003\Dc13.exe -> Trojan.DNSChanger.R : Cleaned with backup
C:\RECYCLER\S-1-5-21-1409082233-884357618-682003330-1003\Dc14.exe -> Trojan.Qhost.df : Cleaned with backup
C:\RECYCLER\S-1-5-21-1409082233-884357618-682003330-1003\Dc2.exe -> Trojan.Qhost.df : Cleaned with backup
C:\WINDOWS\system32\idownload.exe -> Downloader.Small.buy : Cleaned with backup
C:\WINDOWS\system32\skrb0x.exe -> Downloader.Small.bwr : Cleaned with backup
E:\DC lataukset\Norton Antivirus 2005 Fin\Norton Antivirus 2005 FIN keygen\Norton internet security 2005 ohjeet\KGNIS.EXE -> Dropper.Delf.fd : Cleaned with backup
G:\Nero6303 Keygen.exe -> Dropper.Delf.gi : Cleaned with backup
H:\System Volume Information\_restore{E26DA291-830A-4E52-A85C-3C2EF04D062C}\RP2\A0000594.exe -> Spyware.NewDotNet : Cleaned with backup


::Report End


ongelmat jatkuu...

5

363

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000
    • Fixaaja

      Fixaa HjT:llä:

      O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe

      Hae hoster ->
      http://www.funkytoad.com/download/hoster.zip

      Pura zippi ja tuplaklikkaa hoster.exe

      Paina "Restore original hosts" ja ok.

      Hae eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm.
      Asenna, päivitä, skannaa sivulla olevien ohjeiden mukaan. Lähetä sitten "örkkitulokset" tänne (ohje tuolla sivulla, alin kuva ja sen yläpuolella oleva teksti).

      Hae täältä -> http://www.billsway.com/vbspage/ registry search tool ja tee haku "desktop.html":llä. Jos antivirus herjaa, anna ajaa.

      Lähetä eScanin tulokset, registry searchin tulokset ja uusi HjT-loki.

      • v***u

        REGEDIT4
        ; RegSrch.vbs © Bill James

        ; Registry search results for string "desktop.html" 11.12.2005 14:59:59

        ; NOTE: This file will be deleted when you close WordPad.
        ; You must manually save this file to a new location if you want to refer to it again later.
        ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


        [HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="C:\\WINDOWS\\desktop.html"

        [HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "SubscribedURL"="C:\\WINDOWS\\desktop.html"


        File C:\WINDOWS\desktop.html infected by "not-virus:Hoax.Win32.Aflac.a" Virus. Action Taken: File Renamed.
        File C:\WINDOWS\System32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
        File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062186.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
        File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062196.exe infected by "Packed.Win32.Klone.b" Virus. Action Taken: File Renamed.
        File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062230.exe infected by "Packed.Win32.Klone.b" Virus. Action Taken: File Renamed.
        File C:\WINDOWS\system32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
        File E:\Pelit\ColinMcRae2005\CMR5_ITA.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
        File E:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP659\A0062325.exe infecte

        Logfile of HijackThis v1.99.1
        Scan saved at 15:02:10, on 11.12.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
        C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
        H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
        C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
        C:\WINDOWS\System32\DVDRAMSV.exe
        C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
        E:\Ohjelmat\security suite\ewidoctrl.exe
        E:\Ohjelmat\security suite\ewidoguard.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\usrbridg.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        H:\ajurit\SIDEWI~1\common\swtrayv4.exe
        C:\WINDOWS\System32\MMTray.exe
        H:\ohjelmat\quicktime\qttask.exe
        C:\WINDOWS\System32\MMTrayLSI.exe
        C:\WINDOWS\System32\MMTray2k.exe
        H:\ajurit\HiiriSofta\MouseWare\system\em_exec.exe
        H:\Ohjelmat\Antivirus\AVGNT.EXE
        H:\Ohjelmat\ZoneAlarm\zlclient.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpohmr08.exe
        H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpotdd01.exe
        G:\PcSuite\ECTaskScheduler.exe
        G:\PcSuite\ConnectState.exe
        H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpoevm08.exe
        C:\WINDOWS\system32\RAMASST.exe
        g:\PcSuite\BROADC~1.EXE
        H:\Ohjelmat\HPpsc1100\Digital Imaging\Bin\hpoSTS08.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\System32\HPZipm12.exe
        E:\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Ohjelmat\SPYBOT~1\SDHelper.dll
        O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [SideWinderTrayV4] h:\ajurit\SIDEWI~1\common\swtrayv4.exe
        O4 - HKLM\..\Run: [MMTray] MMTray.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [QuickTime Task] "H:\ohjelmat\quicktime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
        O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
        O4 - HKLM\..\Run: [AVGCtrl] "H:\Ohjelmat\Antivirus\AVGNT.EXE" /min
        O4 - HKLM\..\Run: [Zone Labs Client] H:\Ohjelmat\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
        O4 - HKLM\..\RunOnce: [IomUninstallAppServices] Cmd.exe /C del "C:\Program Files\Iomega\System32\IomUninstallAppServices.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: hp psc 1000 series.lnk = ?
        O4 - Global Startup: hpoddt01.exe.lnk = ?
        O4 - Global Startup: Microsoft Office.lnk = H:\Ohjelmat\Office\Office10\OSA.EXE
        O4 - Global Startup: PC Suite Nokia 9210i Communicatorille -ohjelman Tehtäväaikataulu.lnk = G:\PcSuite\ECTaskScheduler.exe
        O4 - Global Startup: PC Suite Nokia 9210i Communicatorille.lnk = G:\PcSuite\ConnectState.exe
        O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\Ohjelmat\Office\Office10\EXCEL.EXE/3000
        O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
        O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
        O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
        O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
        O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
        O23 - Service: ewido security suite control - ewido networks - E:\Ohjelmat\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - E:\Ohjelmat\security suite\ewidoguard.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
        O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


        ja seuraavaksi? =)


      • Fixaaja
        v***u kirjoitti:

        REGEDIT4
        ; RegSrch.vbs © Bill James

        ; Registry search results for string "desktop.html" 11.12.2005 14:59:59

        ; NOTE: This file will be deleted when you close WordPad.
        ; You must manually save this file to a new location if you want to refer to it again later.
        ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


        [HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="C:\\WINDOWS\\desktop.html"

        [HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "SubscribedURL"="C:\\WINDOWS\\desktop.html"


        File C:\WINDOWS\desktop.html infected by "not-virus:Hoax.Win32.Aflac.a" Virus. Action Taken: File Renamed.
        File C:\WINDOWS\System32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
        File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062186.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
        File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062196.exe infected by "Packed.Win32.Klone.b" Virus. Action Taken: File Renamed.
        File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062230.exe infected by "Packed.Win32.Klone.b" Virus. Action Taken: File Renamed.
        File C:\WINDOWS\system32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
        File E:\Pelit\ColinMcRae2005\CMR5_ITA.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
        File E:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP659\A0062325.exe infecte

        Logfile of HijackThis v1.99.1
        Scan saved at 15:02:10, on 11.12.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
        C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
        H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
        C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
        C:\WINDOWS\System32\DVDRAMSV.exe
        C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
        E:\Ohjelmat\security suite\ewidoctrl.exe
        E:\Ohjelmat\security suite\ewidoguard.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\usrbridg.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        H:\ajurit\SIDEWI~1\common\swtrayv4.exe
        C:\WINDOWS\System32\MMTray.exe
        H:\ohjelmat\quicktime\qttask.exe
        C:\WINDOWS\System32\MMTrayLSI.exe
        C:\WINDOWS\System32\MMTray2k.exe
        H:\ajurit\HiiriSofta\MouseWare\system\em_exec.exe
        H:\Ohjelmat\Antivirus\AVGNT.EXE
        H:\Ohjelmat\ZoneAlarm\zlclient.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpohmr08.exe
        H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpotdd01.exe
        G:\PcSuite\ECTaskScheduler.exe
        G:\PcSuite\ConnectState.exe
        H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpoevm08.exe
        C:\WINDOWS\system32\RAMASST.exe
        g:\PcSuite\BROADC~1.EXE
        H:\Ohjelmat\HPpsc1100\Digital Imaging\Bin\hpoSTS08.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\System32\HPZipm12.exe
        E:\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Ohjelmat\SPYBOT~1\SDHelper.dll
        O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [SideWinderTrayV4] h:\ajurit\SIDEWI~1\common\swtrayv4.exe
        O4 - HKLM\..\Run: [MMTray] MMTray.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [QuickTime Task] "H:\ohjelmat\quicktime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
        O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
        O4 - HKLM\..\Run: [AVGCtrl] "H:\Ohjelmat\Antivirus\AVGNT.EXE" /min
        O4 - HKLM\..\Run: [Zone Labs Client] H:\Ohjelmat\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
        O4 - HKLM\..\RunOnce: [IomUninstallAppServices] Cmd.exe /C del "C:\Program Files\Iomega\System32\IomUninstallAppServices.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: hp psc 1000 series.lnk = ?
        O4 - Global Startup: hpoddt01.exe.lnk = ?
        O4 - Global Startup: Microsoft Office.lnk = H:\Ohjelmat\Office\Office10\OSA.EXE
        O4 - Global Startup: PC Suite Nokia 9210i Communicatorille -ohjelman Tehtäväaikataulu.lnk = G:\PcSuite\ECTaskScheduler.exe
        O4 - Global Startup: PC Suite Nokia 9210i Communicatorille.lnk = G:\PcSuite\ConnectState.exe
        O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\Ohjelmat\Office\Office10\EXCEL.EXE/3000
        O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
        O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
        O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
        O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
        O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
        O23 - Service: ewido security suite control - ewido networks - E:\Ohjelmat\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - E:\Ohjelmat\security suite\ewidoguard.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
        O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


        ja seuraavaksi? =)

        Poista tuo -> C:\WINDOWS\System32\==>rzspy.exe regedit -> ok. Sitten Tiedosto -> Vie. Kirjoita sille joku nimi ja sitten Tallenna(ja laita muistiin, mihin tallensit sen) .

        Sitten tallenna tämä alla oleva tekstinpätkä nimellä fix.reg vaikka muistiossa ja vaikka työpöydälle (tallennusmuoto kaikki tiedostot)

        Windows Registry Editor Version 5.00

        [-HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="C:\\WINDOWS\\desktop.html"

        [-HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "SubscribedURL"="C:\\WINDOWS\\desktop.html"

        Tuplaklikkaa ja paina kyllä ja ok. Käynnistä kone uudelleen. Auttoiko?


      • v***u
        Fixaaja kirjoitti:

        Poista tuo -> C:\WINDOWS\System32\==>rzspy.exe regedit -> ok. Sitten Tiedosto -> Vie. Kirjoita sille joku nimi ja sitten Tallenna(ja laita muistiin, mihin tallensit sen) .

        Sitten tallenna tämä alla oleva tekstinpätkä nimellä fix.reg vaikka muistiossa ja vaikka työpöydälle (tallennusmuoto kaikki tiedostot)

        Windows Registry Editor Version 5.00

        [-HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="C:\\WINDOWS\\desktop.html"

        [-HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "SubscribedURL"="C:\\WINDOWS\\desktop.html"

        Tuplaklikkaa ja paina kyllä ja ok. Käynnistä kone uudelleen. Auttoiko?

        Nyt näyttää hyvältä... KIITOS!!!!


      • Fixaaja
        v***u kirjoitti:

        Nyt näyttää hyvältä... KIITOS!!!!

        Ole hyvä :)


    Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

    Luetuimmat keskustelut

    1. Kuka paiskasi vauvan betoniin Oulussa?

      Nimi esiin.....
      Oulu
      89
      5585
    2. Riikan kukkaronnyöri on umpisolmussa

      Kulutus ei lähde liikkeelle, koska kansalaiset eivät usko, että: – työpaikka säilyy – tulot eivät romahda – talous ei h
      Maailman menoa
      80
      4732
    3. Jos vedetään mutkat suoraksi?

      Niin kumpaan ryhmään kuulut? A) Niihin, jotka menevät edellä ja tekevät? Vai B) Niihin, jotka kulkevat perässä ja ar
      Sinkut
      111
      3057
    4. Tanskan malli perustuu korkeaan ansioturvaan

      Ja vahvoihin työllisyys- ja kotoutumispalveluihin. Suomessa Riikka on leikannut juuri näitä: palkkatukea, työttömyysturv
      Maailman menoa
      90
      2966
    5. Epäily: Räppäri yritti tappaa vauvansa.

      https://www.mtvuutiset.fi/artikkeli/epaily-mies-yritti-tappaa-vauvansa/9300728 Tämä on erittäin järkyttävä teko täysin p
      Maailman menoa
      23
      2624
    6. Vain vasemmistolaiset ovat aitoja suomalaisia

      Esimerkiksi persut ovat ulkomaalaisen pääomasijoittajan edunvalvojia, eivät auta köyhiä suomalaisia.
      Maailman menoa
      61
      2049
    7. Anteeksipyyntöni

      Jätän tähän anteeksipyyntöni sinulle, koska en voi sanoa sitä missään muuallakaan. Pyydän anteeksi, jos purkamani tuska
      Järki ja tunteet
      25
      1986
    8. Miten must tuntuu

      et sä ajattelet mua just nyt
      Ikävä
      32
      1523
    9. Sydämeni valtiaalle

      En täältä aio asioita kysellä. Haluan tuoda tiedoksesi, että pohjimmiltani en ihmisiä tahdo satuttaa ja ajattelen muiden
      Ikävä
      114
      1449
    10. Kun et vain tajua että

      sua lähestytään feikkiprofiililla :D Hanki aivot :D m-n
      Ikävä
      185
      1328
    Aihe