Logfile of HijackThis v1.99.1
Scan saved at 21:36:05, on 10.12.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
E:\Ohjelmat\security suite\ewidoctrl.exe
E:\Ohjelmat\security suite\ewidoguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\ajurit\SIDEWI~1\common\swtrayv4.exe
C:\WINDOWS\System32\MMTray.exe
H:\ohjelmat\quicktime\qttask.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\MMTray2k.exe
H:\Ohjelmat\Antivirus\AVGNT.EXE
H:\Ohjelmat\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
H:\ajurit\HiiriSofta\MouseWare\system\em_exec.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
G:\PcSuite\ECTaskScheduler.exe
G:\PcSuite\ConnectState.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpoevm08.exe
g:\PcSuite\BROADC~1.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\Bin\hpoSTS08.exe
E:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Ohjelmat\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] h:\ajurit\SIDEWI~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\ohjelmat\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [AVGCtrl] "H:\Ohjelmat\Antivirus\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Zone Labs Client] H:\Ohjelmat\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = H:\Ohjelmat\Office\Office10\OSA.EXE
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille -ohjelman Tehtäväaikataulu.lnk = G:\PcSuite\ECTaskScheduler.exe
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille.lnk = G:\PcSuite\ConnectState.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\Ohjelmat\Office\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - E:\Ohjelmat\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Ohjelmat\security suite\ewidoguard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
Created on: 21:32:07, 10.12.2005
Report-Checksum: DE08A9DA
Scan result:
C:\Documents and Settings\Jari\Cookies\jari@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Jari\Cookies\jari@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jari\Cookies\jari@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jari\Cookies\jari@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\RECYCLER\S-1-5-21-1409082233-884357618-682003330-1003\Dc13.exe -> Trojan.DNSChanger.R : Cleaned with backup
C:\RECYCLER\S-1-5-21-1409082233-884357618-682003330-1003\Dc14.exe -> Trojan.Qhost.df : Cleaned with backup
C:\RECYCLER\S-1-5-21-1409082233-884357618-682003330-1003\Dc2.exe -> Trojan.Qhost.df : Cleaned with backup
C:\WINDOWS\system32\idownload.exe -> Downloader.Small.buy : Cleaned with backup
C:\WINDOWS\system32\skrb0x.exe -> Downloader.Small.bwr : Cleaned with backup
E:\DC lataukset\Norton Antivirus 2005 Fin\Norton Antivirus 2005 FIN keygen\Norton internet security 2005 ohjeet\KGNIS.EXE -> Dropper.Delf.fd : Cleaned with backup
G:\Nero6303 Keygen.exe -> Dropper.Delf.gi : Cleaned with backup
H:\System Volume Information\_restore{E26DA291-830A-4E52-A85C-3C2EF04D062C}\RP2\A0000594.exe -> Spyware.NewDotNet : Cleaned with backup
::Report End
ongelmat jatkuu...
APUVA!
5
353
Vastaukset
- Fixaaja
Fixaa HjT:llä:
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
Hae hoster ->
http://www.funkytoad.com/download/hoster.zip
Pura zippi ja tuplaklikkaa hoster.exe
Paina "Restore original hosts" ja ok.
Hae eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm.
Asenna, päivitä, skannaa sivulla olevien ohjeiden mukaan. Lähetä sitten "örkkitulokset" tänne (ohje tuolla sivulla, alin kuva ja sen yläpuolella oleva teksti).
Hae täältä -> http://www.billsway.com/vbspage/ registry search tool ja tee haku "desktop.html":llä. Jos antivirus herjaa, anna ajaa.
Lähetä eScanin tulokset, registry searchin tulokset ja uusi HjT-loki.- v***u
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "desktop.html" 11.12.2005 14:59:59
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINDOWS\\desktop.html"
[HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"SubscribedURL"="C:\\WINDOWS\\desktop.html"
File C:\WINDOWS\desktop.html infected by "not-virus:Hoax.Win32.Aflac.a" Virus. Action Taken: File Renamed.
File C:\WINDOWS\System32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062186.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062196.exe infected by "Packed.Win32.Klone.b" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062230.exe infected by "Packed.Win32.Klone.b" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
File E:\Pelit\ColinMcRae2005\CMR5_ITA.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File E:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP659\A0062325.exe infecte
Logfile of HijackThis v1.99.1
Scan saved at 15:02:10, on 11.12.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
E:\Ohjelmat\security suite\ewidoctrl.exe
E:\Ohjelmat\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\ajurit\SIDEWI~1\common\swtrayv4.exe
C:\WINDOWS\System32\MMTray.exe
H:\ohjelmat\quicktime\qttask.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\MMTray2k.exe
H:\ajurit\HiiriSofta\MouseWare\system\em_exec.exe
H:\Ohjelmat\Antivirus\AVGNT.EXE
H:\Ohjelmat\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpohmr08.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpotdd01.exe
G:\PcSuite\ECTaskScheduler.exe
G:\PcSuite\ConnectState.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\RAMASST.exe
g:\PcSuite\BROADC~1.EXE
H:\Ohjelmat\HPpsc1100\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
E:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Ohjelmat\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] h:\ajurit\SIDEWI~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\ohjelmat\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [AVGCtrl] "H:\Ohjelmat\Antivirus\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Zone Labs Client] H:\Ohjelmat\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKLM\..\RunOnce: [IomUninstallAppServices] Cmd.exe /C del "C:\Program Files\Iomega\System32\IomUninstallAppServices.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = H:\Ohjelmat\Office\Office10\OSA.EXE
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille -ohjelman Tehtäväaikataulu.lnk = G:\PcSuite\ECTaskScheduler.exe
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille.lnk = G:\PcSuite\ConnectState.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\Ohjelmat\Office\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - E:\Ohjelmat\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Ohjelmat\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ja seuraavaksi? =) - Fixaaja
v***u kirjoitti:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "desktop.html" 11.12.2005 14:59:59
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINDOWS\\desktop.html"
[HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"SubscribedURL"="C:\\WINDOWS\\desktop.html"
File C:\WINDOWS\desktop.html infected by "not-virus:Hoax.Win32.Aflac.a" Virus. Action Taken: File Renamed.
File C:\WINDOWS\System32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062186.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062196.exe infected by "Packed.Win32.Klone.b" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062230.exe infected by "Packed.Win32.Klone.b" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
File E:\Pelit\ColinMcRae2005\CMR5_ITA.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File E:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP659\A0062325.exe infecte
Logfile of HijackThis v1.99.1
Scan saved at 15:02:10, on 11.12.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
E:\Ohjelmat\security suite\ewidoctrl.exe
E:\Ohjelmat\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\ajurit\SIDEWI~1\common\swtrayv4.exe
C:\WINDOWS\System32\MMTray.exe
H:\ohjelmat\quicktime\qttask.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\MMTray2k.exe
H:\ajurit\HiiriSofta\MouseWare\system\em_exec.exe
H:\Ohjelmat\Antivirus\AVGNT.EXE
H:\Ohjelmat\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpohmr08.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpotdd01.exe
G:\PcSuite\ECTaskScheduler.exe
G:\PcSuite\ConnectState.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\RAMASST.exe
g:\PcSuite\BROADC~1.EXE
H:\Ohjelmat\HPpsc1100\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
E:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Ohjelmat\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] h:\ajurit\SIDEWI~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\ohjelmat\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [AVGCtrl] "H:\Ohjelmat\Antivirus\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Zone Labs Client] H:\Ohjelmat\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKLM\..\RunOnce: [IomUninstallAppServices] Cmd.exe /C del "C:\Program Files\Iomega\System32\IomUninstallAppServices.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = H:\Ohjelmat\Office\Office10\OSA.EXE
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille -ohjelman Tehtäväaikataulu.lnk = G:\PcSuite\ECTaskScheduler.exe
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille.lnk = G:\PcSuite\ConnectState.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\Ohjelmat\Office\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - E:\Ohjelmat\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Ohjelmat\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ja seuraavaksi? =)Poista tuo -> C:\WINDOWS\System32\==>rzspy.exe regedit -> ok. Sitten Tiedosto -> Vie. Kirjoita sille joku nimi ja sitten Tallenna(ja laita muistiin, mihin tallensit sen) .
Sitten tallenna tämä alla oleva tekstinpätkä nimellä fix.reg vaikka muistiossa ja vaikka työpöydälle (tallennusmuoto kaikki tiedostot)
Windows Registry Editor Version 5.00
[-HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINDOWS\\desktop.html"
[-HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"SubscribedURL"="C:\\WINDOWS\\desktop.html"
Tuplaklikkaa ja paina kyllä ja ok. Käynnistä kone uudelleen. Auttoiko? - v***u
Fixaaja kirjoitti:
Poista tuo -> C:\WINDOWS\System32\==>rzspy.exe regedit -> ok. Sitten Tiedosto -> Vie. Kirjoita sille joku nimi ja sitten Tallenna(ja laita muistiin, mihin tallensit sen) .
Sitten tallenna tämä alla oleva tekstinpätkä nimellä fix.reg vaikka muistiossa ja vaikka työpöydälle (tallennusmuoto kaikki tiedostot)
Windows Registry Editor Version 5.00
[-HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINDOWS\\desktop.html"
[-HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"SubscribedURL"="C:\\WINDOWS\\desktop.html"
Tuplaklikkaa ja paina kyllä ja ok. Käynnistä kone uudelleen. Auttoiko?Nyt näyttää hyvältä... KIITOS!!!!
- Fixaaja
v***u kirjoitti:
Nyt näyttää hyvältä... KIITOS!!!!
Ole hyvä :)
Ketjusta on poistettu 0 sääntöjenvastaista viestiä.
Luetuimmat keskustelut
Mihin Ilkka Kanerva kuoli?
Kun näin jokin aika sitten kuvan riutuneen näköisestä Kanervasta, sanoin vaimolle että haimasyövältä vaikuttaa. Vaimon isä oli kuollut kyseiseen tauti40330820Martinan lapset JÄLLEEN valjastettu valkopesureiksi
Ei tuo nainen todellakaan täysillä käy. Vauvakin tajuaa että kysymykset ja vastaukset ovat Martinan itsensä tekemiä, lapset vastaa mitä on käsketty. J4764186Sofia Belorf ja Sonja Aiello
Viihtyvät yhdessä dinnerillä. Pienet piirit. Mitä ajatuksia herättää ?972725Stefu LOISTAVAA!
Ilmeisesti joku vedonlyönti tms, selvinpäin-elämästä👍👍👍 ilmankos ei ole Sofiaa näkynyt. Miten tän parin nyt käy, kun viimi ei maksettuna enää virta1331892Teille, Venäjällä pelottelijat
Oletatteko ja väitättekö te, että Venäjä pystyisi tuosta vain miehittämään Suomen?5901657- 861593
Kakista se ulos nainen vihdoin viimein
Että haluat, kummatkin halutaan. Otan sinut kuumaan syleilyyn sitten.751565Ujostuttaa eräs aikuinen mies...
Mitä se tämmönen on... tuo mies aiheuttaa minulle ylimääräsiä tykytyksiä... Rohkeampana pyytäsin häntä ulos mut jospa hän... Miten mun vaistot ilmoit591500Jos me käytäs nainen
Ulkona niin mitkä olisi ne kolme asiaa joita tahtoisit kysyä tai kertoa minulle?721245