HELP!

v***u

Logfile of HijackThis v1.99.1
Scan saved at 21:36:05, on 10.12.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
E:\Ohjelmat\security suite\ewidoctrl.exe
E:\Ohjelmat\security suite\ewidoguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\ajurit\SIDEWI~1\common\swtrayv4.exe
C:\WINDOWS\System32\MMTray.exe
H:\ohjelmat\quicktime\qttask.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\MMTray2k.exe
H:\Ohjelmat\Antivirus\AVGNT.EXE
H:\Ohjelmat\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
H:\ajurit\HiiriSofta\MouseWare\system\em_exec.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
G:\PcSuite\ECTaskScheduler.exe
G:\PcSuite\ConnectState.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpoevm08.exe
g:\PcSuite\BROADC~1.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\Ohjelmat\HPpsc1100\Digital Imaging\Bin\hpoSTS08.exe
E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Ohjelmat\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SideWinderTrayV4] h:\ajurit\SIDEWI~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\ohjelmat\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [AVGCtrl] "H:\Ohjelmat\Antivirus\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Zone Labs Client] H:\Ohjelmat\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = H:\Ohjelmat\Office\Office10\OSA.EXE
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille -ohjelman Tehtäväaikataulu.lnk = G:\PcSuite\ECTaskScheduler.exe
O4 - Global Startup: PC Suite Nokia 9210i Communicatorille.lnk = G:\PcSuite\ConnectState.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\Ohjelmat\Office\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - E:\Ohjelmat\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Ohjelmat\security suite\ewidoguard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

Created on: 21:32:07, 10.12.2005
Report-Checksum: DE08A9DA

Scan result:

C:\Documents and Settings\Jari\Cookies\jari@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Jari\Cookies\jari@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jari\Cookies\jari@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jari\Cookies\jari@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\RECYCLER\S-1-5-21-1409082233-884357618-682003330-1003\Dc13.exe -> Trojan.DNSChanger.R : Cleaned with backup
C:\RECYCLER\S-1-5-21-1409082233-884357618-682003330-1003\Dc14.exe -> Trojan.Qhost.df : Cleaned with backup
C:\RECYCLER\S-1-5-21-1409082233-884357618-682003330-1003\Dc2.exe -> Trojan.Qhost.df : Cleaned with backup
C:\WINDOWS\system32\idownload.exe -> Downloader.Small.buy : Cleaned with backup
C:\WINDOWS\system32\skrb0x.exe -> Downloader.Small.bwr : Cleaned with backup
E:\DC lataukset\Norton Antivirus 2005 Fin\Norton Antivirus 2005 FIN keygen\Norton internet security 2005 ohjeet\KGNIS.EXE -> Dropper.Delf.fd : Cleaned with backup
G:\Nero6303 Keygen.exe -> Dropper.Delf.gi : Cleaned with backup
H:\System Volume Information\_restore{E26DA291-830A-4E52-A85C-3C2EF04D062C}\RP2\A0000594.exe -> Spyware.NewDotNet : Cleaned with backup

::Report End

the problems continue...

    Replies

    • Fixaaja

      Fix with HjT:

      O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe

      Get hoster ->
      http://www.funkytoad.com/download/hoster.zip

      Unzip it and double-click hoster.exe

      Press "Restore original hosts" and OK.

      Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm.
      Install, update and scan according to the instructions on the page. Then send the "nasties" results here (instructions are on that page: the bottom image and the text above it).

      Get the registry search tool from here -> http://www.billsway.com/vbspage/ and run a search for "desktop.html". If the antivirus complains, let it run.

      Send the eScan results, the registry search results and a new HjT log.

      • v***u

        REGEDIT4
        ; RegSrch.vbs © Bill James

        ; Registry search results for string "desktop.html" 11.12.2005 14:59:59

        ; NOTE: This file will be deleted when you close WordPad.
        ; You must manually save this file to a new location if you want to refer to it again later.
        ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

        [HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="C:\\WINDOWS\\desktop.html"

        [HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "SubscribedURL"="C:\\WINDOWS\\desktop.html"

        File C:\WINDOWS\desktop.html infected by "not-virus:Hoax.Win32.Aflac.a" Virus. Action Taken: File Renamed.
        File C:\WINDOWS\System32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
        File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062186.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
        File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062196.exe infected by "Packed.Win32.Klone.b" Virus. Action Taken: File Renamed.
        File C:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP658\A0062230.exe infected by "Packed.Win32.Klone.b" Virus. Action Taken: File Renamed.
        File C:\WINDOWS\system32\rzspy.exe tagged as not-a-virus:AdWare.Win32.Raze.a. No Action Taken.
        File E:\Pelit\ColinMcRae2005\CMR5_ITA.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
        File E:\System Volume Information\_restore{B9BB2B4E-FD0C-4FB3-A5C6-238CABD95DC5}\RP659\A0062325.exe infecte

        Logfile of HijackThis v1.99.1
        Scan saved at 15:02:10, on 11.12.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
        C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
        H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
        C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
        C:\WINDOWS\System32\DVDRAMSV.exe
        C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
        E:\Ohjelmat\security suite\ewidoctrl.exe
        E:\Ohjelmat\security suite\ewidoguard.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\usrbridg.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        H:\ajurit\SIDEWI~1\common\swtrayv4.exe
        C:\WINDOWS\System32\MMTray.exe
        H:\ohjelmat\quicktime\qttask.exe
        C:\WINDOWS\System32\MMTrayLSI.exe
        C:\WINDOWS\System32\MMTray2k.exe
        H:\ajurit\HiiriSofta\MouseWare\system\em_exec.exe
        H:\Ohjelmat\Antivirus\AVGNT.EXE
        H:\Ohjelmat\ZoneAlarm\zlclient.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpohmr08.exe
        H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpotdd01.exe
        G:\PcSuite\ECTaskScheduler.exe
        G:\PcSuite\ConnectState.exe
        H:\Ohjelmat\HPpsc1100\Digital Imaging\bin\hpoevm08.exe
        C:\WINDOWS\system32\RAMASST.exe
        g:\PcSuite\BROADC~1.EXE
        H:\Ohjelmat\HPpsc1100\Digital Imaging\Bin\hpoSTS08.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\System32\HPZipm12.exe
        E:\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Ohjelmat\SPYBOT~1\SDHelper.dll
        O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [SideWinderTrayV4] h:\ajurit\SIDEWI~1\common\swtrayv4.exe
        O4 - HKLM\..\Run: [MMTray] MMTray.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [QuickTime Task] "H:\ohjelmat\quicktime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
        O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
        O4 - HKLM\..\Run: [AVGCtrl] "H:\Ohjelmat\Antivirus\AVGNT.EXE" /min
        O4 - HKLM\..\Run: [Zone Labs Client] H:\Ohjelmat\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
        O4 - HKLM\..\RunOnce: [IomUninstallAppServices] Cmd.exe /C del "C:\Program Files\Iomega\System32\IomUninstallAppServices.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: hp psc 1000 series.lnk = ?
        O4 - Global Startup: hpoddt01.exe.lnk = ?
        O4 - Global Startup: Microsoft Office.lnk = H:\Ohjelmat\Office\Office10\OSA.EXE
        O4 - Global Startup: PC Suite Nokia 9210i Communicatorille -ohjelman Tehtäväaikataulu.lnk = G:\PcSuite\ECTaskScheduler.exe
        O4 - Global Startup: PC Suite Nokia 9210i Communicatorille.lnk = G:\PcSuite\ConnectState.exe
        O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\Ohjelmat\Office\Office10\EXCEL.EXE/3000
        O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
        O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - H:\OHJELMAT\ANTIVIRUS\AVGUARD.EXE
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
        O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - H:\Ohjelmat\Antivirus\AVWUPSRV.EXE
        O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
        O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
        O23 - Service: ewido security suite control - ewido networks - E:\Ohjelmat\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - E:\Ohjelmat\security suite\ewidoguard.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
        O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        and next? =)


      • Fixaaja
        Delete this -> C:\WINDOWS\System32\==>rzspy.exe regedit -> OK. Then File -> Export. Type a name for it and then Save (and make a note of where you saved it).

        Then save the text snippet below as fix.reg, for example in Notepad and for example to the desktop (save as type: All Files)

        Windows Registry Editor Version 5.00

        [-HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="C:\\WINDOWS\\desktop.html"

        [-HKEY_USERS\S-1-5-21-1409082233-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "SubscribedURL"="C:\\WINDOWS\\desktop.html"

        Double-click it and press Yes and OK. Restart the computer. Did it help?


      • v***u
        Looks good now... THANK YOU!!!!


      • Fixaaja
        You're welcome :)
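
Added example, not part of the original thread: the helper asks for a new HjT log after the fix, and comparing it with the first log is how the removal of the `[hgqhp.exe]` Run entry is confirmed. The Python sketch below diffs two HijackThis logs; the two excerpts are shortened copies of the logs posted above, and the function names are this example's own.

```python
import re

# A HijackThis entry line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Shortened excerpts of the two logs posted in this thread (not the full logs).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 21:36:05, on 10.12.2005
Running processes:
C:\WINDOWS\Explorer.EXE
E:\HijackThis.exe

O4 - HKLM\..\Run: [Zone Labs Client] H:\Ohjelmat\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

LOG_AFTER = r"""
        Logfile of HijackThis v1.99.1
        Scan saved at 15:02:10, on 11.12.2005
        Running processes:
        C:\WINDOWS\Explorer.EXE
        E:\HijackThis.exe

        O4 - HKLM\..\Run: [Zone Labs Client] H:\Ohjelmat\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
        O4 - HKLM\..\RunOnce: [IomUninstallAppServices] Cmd.exe /C del "C:\Program Files\Iomega\System32\IomUninstallAppServices.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""


def _key(line):
    """Comparison key: collapse whitespace and ignore case (Windows paths
    and registry value names are case-insensitive)."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Return {comparison_key: original_line} for every R/F/N/O entry.

    Header lines and the "Running processes" list do not match ENTRY_RE and
    are skipped. Lines are stripped first because forum software indents
    pasted logs.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries[_key(line)] = line
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines, in log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [line for key, line in before.items() if key not in after]
    added = [line for key, line in after.items() if key not in before]
    return removed, added


def fix_confirmed(before_text, after_text, fixed_line):
    """True only if the entry was present before and is absent afterwards."""
    key = _key(fixed_line)
    return key in parse_entries(before_text) and key not in parse_entries(after_text)


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Removed since first log:")
    for line in removed:
        print("  -", line)
    print("New since first log (review each one):")
    for line in added:
        print("  +", line)
    target = r"O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe"
    print("hgqhp.exe entry gone:", fix_confirmed(LOG_BEFORE, LOG_AFTER, target))
```

New entries in the second log are worth reading as carefully as the removed ones: here the additions are the two RunOnce entries, which name ZoneAlarm and Iomega components.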

