Background image missing

newuser

The background image disappeared and was replaced by a white HTML page. Sometimes the browser also goes to the "wrong" pages. I guess not everything is in order?
Could someone kindly take a look at the attached log?

Logfile of HijackThis v1.99.1
Scan saved at 11:10:51 PM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\koti\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/uutiset/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{06904226-2DDE-4C6D-9E55-DC6A702DD9F4}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{EADB2BFB-743E-4000-93DB-F9BE6EED5603}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\..\{06904226-2DDE-4C6D-9E55-DC6A702DD9F4}: NameServer = 85.255.114.54,85.255.112.26
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    Replies

    • Fixaaja

      And Raze bundled along with it, most likely.

      Fix these (do a system scan only, tick them and press fix checked):

      O1 - Hosts: localhost 127.0.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{06904226-2DDE-4C6D-9E55-DC6A702DD9F4}: NameServer = 85.255.114.54,85.255.112.26
      O17 - HKLM\System\CCS\Services\Tcpip\..\{EADB2BFB-743E-4000-93DB-F9BE6EED5603}: NameServer = 85.255.114.54,85.255.112.26
      O17 - HKLM\System\CS1\Services\Tcpip\..\{06904226-2DDE-4C6D-9E55-DC6A702DD9F4}: NameServer = 85.255.114.54,85.255.112.26

      Get fixwareout -> http://downloads.subratam.org/Fixwareout.exe
      Save it to some directory and run it. Follow the instructions, and restart the computer when the fix asks for it.

      Get, install and update ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

      Boot into safe mode (F8 during startup)

      Scan with ewido, let it remove whatever it finds and save the report.

      Restart and post the ewido report, a new HjT log and the contents of the C:\fixwareout\report.txt file here.

      • newuser

        Many thanks for the instructions. The visible problems at least disappeared. Here are the logs.

        Logfile of HijackThis v1.99.1
        Scan saved at 5:10:10 PM, on 5/21/2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Acer\eManager\anbmServ.exe
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\ewido anti-malware\ewidoctrl.exe
        C:\Program Files\ewido anti-malware\ewidoguard.exe
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\AGRSMMSG.exe
        C:\WINDOWS\system32\Rundll32.exe
        C:\WINDOWS\system32\keyhook.exe
        C:\Program Files\Arcade\PCMService.exe
        C:\Program Files\Launch Manager\QtZgAcer.EXE
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\F-Secure\Common\FSM32.EXE
        C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
        C:\Program Files\Microsoft IntelliPoint\point32.exe
        C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
        C:\Program Files\Winamp\winampa.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\acer\eRecovery\Monitor.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Documents and Settings\koti\Desktop\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O4 - HKLM\..\Run: [LaunchApp] Alaunch
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
        O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
        O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
        O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
        O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
        O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
        O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
        O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
        O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
        O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
        O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
        O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

        ---------------------------------

        Fixwareout ver 1.003
        Last edited 04/26/2006
        Post this report in the forums please

        Reg Entries that were deleted
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
        ...

        Microsoft (R) Windows Script Host Version 5.6
        Random Runs removed from HKLM
        ...

        PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
        Example ipsec6.exe is lagitamate

        »»»»» Search by size and names...
        C:\WINDOWS\SYSTEM32\IPSEC6.EXE

        »»»»» Misc files

        »»»»» Checking for older varients covered by the Rem3 tool

        »»»»»
        Search five digit cs, dm and jb files
        This WILL/CAN also list Legit Files, Submit them at Virustotal

        --------------------------------------------------------
        ewido anti-malware - Scan report
        ---------------------------------------------------------

        Created on:         5:04:01 PM, 5/21/2006
        Report-Checksum:      6AFFDFA2

        Scan result:

           C:\WINDOWS\system32\howiper.0xe -> Trojan.Small.gq : Cleaned with backup
           C:\WINDOWS\system32\rzspy.exe -> Adware.Raze : Cleaned with backup
           C:\WINDOWS\system32\IDOWNLOAD.0XE -> Downloader.Small.buy : Cleaned with backup
           C:\Documents and Settings\koti\Cookies\koti@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
           C:\Documents and Settings\koti\Cookies\koti@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
           C:\Documents and Settings\koti\Cookies\koti@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
           C:\Documents and Settings\koti\Cookies\koti@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
           C:\Documents and Settings\koti\Cookies\koti@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
           C:\Documents and Settings\koti\Cookies\koti@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
           C:\Documents and Settings\koti\Cookies\koti@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
           C:\Documents and Settings\koti\Cookies\koti@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
           C:\Documents and Settings\koti\Cookies\koti@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
           C:\Documents and Settings\koti\Cookies\koti@com[1].txt -> TrackingCookie.Com : Cleaned with backup
           C:\Documents and Settings\admin2\Cookies\admin2@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
           C:\Documents and Settings\admin2\Cookies\admin2@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
           C:\Documents and Settings\admin2\Cookies\admin2@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
           C:\Documents and Settings\admin2\Cookies\admin2@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
           C:\Documents and Settings\admin2\Cookies\admin2@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
           C:\Documents and Settings\admin2\Cookies\admin2@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
           C:\Documents and Settings\admin2\Cookies\admin2@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
           C:\Documents and Settings\admin2\Cookies\admin2@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
           C:\Documents and Settings\admin2\Cookies\admin2@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
           C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP235\A0036730.0XE -> Downloader.Small.buy : Cleaned with backup
           C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP235\A0036744.exe -> Trojan.Small.gq : Cleaned with backup
           C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP235\A0036785.dll -> Adware.Altnet : Cleaned with backup
           C:\Recycled\Dc59.exe -> Adware.Casino : Cleaned with backup

        ::Report End


      • Fixaaja
        newuser wrote:

        Many thanks for the instructions. The visible problems at least disappeared. Here are the logs.

        It came out clean :)
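
The check the helper did by eye on the first log (the O1 and O17 lines) and the before/after comparison against the second log, as an added example that is not part of the original thread. The `EXPECTED_RESOLVERS` allowlist and its 192.0.2.53 value are assumptions standing in for the DNS servers the machine is supposed to use, and the "hosts line must start with an IP address" rule is this example's own heuristic; the log lines are excerpts from the two logs posted above.

```python
import ipaddress
import re

# Excerpt of the first log in this thread (before the fix).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/uutiset/
O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{06904226-2DDE-4C6D-9E55-DC6A702DD9F4}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{EADB2BFB-743E-4000-93DB-F9BE6EED5603}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\..\{06904226-2DDE-4C6D-9E55-DC6A702DD9F4}: NameServer = 85.255.114.54,85.255.112.26
"""

# Excerpt of the second log in this thread (after the fix).
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

# Assumption: the resolvers this machine should be using (placeholder value
# from the documentation range, replace with the ISP or DHCP-assigned servers).
EXPECTED_RESOLVERS = {"192.0.2.53"}

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.+)$")


def parse_entries(log_text):
    """Return (section, detail) tuples for every 'Xn - ...' line of a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def is_ip(token):
    """True if token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def triage(entries, expected_resolvers):
    """Flag O1 (hosts file) and O17 (DNS settings) entries for manual review."""
    findings = []
    for section, detail in entries:
        if section == "O1" and detail.startswith("Hosts:"):
            fields = detail[len("Hosts:"):].split()
            # A hosts record is '<address> <name>'; the line in this thread
            # has the two fields the other way round.
            if not fields or not is_ip(fields[0]):
                findings.append((section, detail,
                                 "hosts line does not start with an IP address"))
        elif section == "O17":
            match = NAMESERVER_RE.search(detail)
            if not match:
                continue
            servers = [s for s in re.split(r"[,\s]+", match.group(1)) if s]
            unknown = [s for s in servers if s not in expected_resolvers]
            if unknown:
                findings.append((section, detail,
                                 "unexpected resolver(s): " + ", ".join(unknown)))
    return findings


def still_present(before_findings, after_entries):
    """Return the flagged entries from the first log that survive in the second."""
    remaining = set(after_entries)
    return [f for f in before_findings if (f[0], f[1]) in remaining]


if __name__ == "__main__":
    flagged = triage(parse_entries(BEFORE), EXPECTED_RESOLVERS)
    for section, detail, reason in flagged:
        print(f"[{section}] {reason}\n    {detail}")
    leftovers = still_present(flagged, parse_entries(AFTER))
    print("entries still present after the fix:", len(leftovers))
```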

