Osaisko joku sanoa?

ongelma1

moikka!

Voisko joku sano missä on vika...

Ongelma on tällainen:
olen saanut spyware viruksen,
joka ilmenee siten että kotisivu on kaapattu .



Tässä olisi hjt- logi


Logfile of HijackThis v1.99.1
Scan saved at 18:24:56, on 17.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ISHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Documents and Settings\Kim\Työpöytä\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{347CF~1\Bar888.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ajimuxpo.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163073439375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163185838109
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

Kiitos avusta:)

4

380

Äänestä

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000
    • Poistelen vain

      Lisää poista sovelutuksesta poista

      Toolbar: Bar888

      Nimeä tuosta uudeleen
      C:\Documents and Settings\Kim\Työpöytä\--> HijackThis.exe

      • ongelma1

        kiitos avusta :)

        hjt

        Logfile of HijackThis v1.99.1
        Scan saved at 19:56:55, on 17.12.2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.5730.0011)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
        C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\issearch.exe
        C:\WINDOWS\system32\ISHOST.EXE
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
        C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        C:\WINDOWS\system32\ismini.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\MSMSGS.EXE
        C:\Program Files\Eraser\eraser.exe
        C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
        C:\WINDOWS\explorer.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\CursorXP\CursorXP.exe
        C:\Program Files\Steam\steam.exe
        C:\WINDOWS\system32\osk.exe
        C:\WINDOWS\system32\MSSWCHX.EXE
        C:\Documents and Settings\Kim\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
        O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
        O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
        O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ajimuxpo.dll",setvm
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
        O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
        O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163073439375
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163185838109
        O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
        O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
        O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
        O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
        O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

        SmitfraudFix

        19:59 17.12.2006SmitFraudFix v2.130

        Scan done at 19:55:40,42, su 17.12.2006
        Run from C:\Documents and Settings\Kim\Ty”p”yt„\SmitfraudFix\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» C:\


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

        C:\WINDOWS\system32\ishost.exe FOUND !
        C:\WINDOWS\system32\ismini.exe FOUND !
        C:\WINDOWS\system32\issearch.exe FOUND !
        C:\WINDOWS\system32\ixt?.dll FOUND !
        C:\WINDOWS\system32\ixt??.dll FOUND !
        C:\WINDOWS\system32\olnohdw.dll FOUND !
        C:\WINDOWS\system32\ot.ico FOUND !
        C:\WINDOWS\system32\components\flx?.dll FOUND !
        C:\WINDOWS\system32\components\flx??.dll FOUND !
        C:\WINDOWS\system32\components\flx???.dll FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim\Application Data


        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

        C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Online Security Guide.url FOUND !
        C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Security Troubleshooting.url FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kim\Suosikit


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

        C:\Program Files\Safety Bar\ FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="About:Home"
        "SubscribedURL"="About:Home"
        "FriendlyName"="My Current Home Page"


        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
        "{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"



        »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


        »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


        »»»»»»»»»»»»»»»»»»»»»»»» End

      • Poistelen vain
        ongelma1 kirjoitti:

        kiitos avusta :)

        hjt

        Logfile of HijackThis v1.99.1
        Scan saved at 19:56:55, on 17.12.2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.5730.0011)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
        C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\issearch.exe
        C:\WINDOWS\system32\ISHOST.EXE
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
        C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        C:\WINDOWS\system32\ismini.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\MSMSGS.EXE
        C:\Program Files\Eraser\eraser.exe
        C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
        C:\WINDOWS\explorer.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\CursorXP\CursorXP.exe
        C:\Program Files\Steam\steam.exe
        C:\WINDOWS\system32\osk.exe
        C:\WINDOWS\system32\MSSWCHX.EXE
        C:\Documents and Settings\Kim\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
        O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
        O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
        O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ajimuxpo.dll",setvm
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
        O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
        O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163073439375
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163185838109
        O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
        O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
        O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
        O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
        O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

        SmitfraudFix

        19:59 17.12.2006SmitFraudFix v2.130

        Scan done at 19:55:40,42, su 17.12.2006
        Run from C:\Documents and Settings\Kim\Ty”p”yt„\SmitfraudFix\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» C:\


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

        C:\WINDOWS\system32\ishost.exe FOUND !
        C:\WINDOWS\system32\ismini.exe FOUND !
        C:\WINDOWS\system32\issearch.exe FOUND !
        C:\WINDOWS\system32\ixt?.dll FOUND !
        C:\WINDOWS\system32\ixt??.dll FOUND !
        C:\WINDOWS\system32\olnohdw.dll FOUND !
        C:\WINDOWS\system32\ot.ico FOUND !
        C:\WINDOWS\system32\components\flx?.dll FOUND !
        C:\WINDOWS\system32\components\flx??.dll FOUND !
        C:\WINDOWS\system32\components\flx???.dll FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim\Application Data


        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

        C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Online Security Guide.url FOUND !
        C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Security Troubleshooting.url FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kim\Suosikit


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

        C:\Program Files\Safety Bar\ FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="About:Home"
        "SubscribedURL"="About:Home"
        "FriendlyName"="My Current Home Page"


        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
        "{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"



        »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


        »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


        »»»»»»»»»»»»»»»»»»»»»»»» End

        Printtaa ohjeet ulos.

        Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

        Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
        Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

        Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

        Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

        Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
        Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
        Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.

        Varoitus : Ajamalla optio 2:n EI-tarttuneessa tietokoneessa, poistaa sinun työpöytäsi taustakuvan.


        ja uusi hjt loki raportin kera

      • Poistelen vain
        ongelma1 kirjoitti:

        kiitos avusta :)

        hjt

        Logfile of HijackThis v1.99.1
        Scan saved at 19:56:55, on 17.12.2006
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.5730.0011)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
        C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\issearch.exe
        C:\WINDOWS\system32\ISHOST.EXE
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
        C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        C:\WINDOWS\system32\ismini.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\MSMSGS.EXE
        C:\Program Files\Eraser\eraser.exe
        C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
        C:\WINDOWS\explorer.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\CursorXP\CursorXP.exe
        C:\Program Files\Steam\steam.exe
        C:\WINDOWS\system32\osk.exe
        C:\WINDOWS\system32\MSSWCHX.EXE
        C:\Documents and Settings\Kim\Työpöytä\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
        O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
        O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
        O4 - HKLM\..\Run: [Trust Gaming mouse] "C:\Program Files\Trust\GM-4200 Gamer Mouse Optical\Panel.exe"
        O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ajimuxpo.dll",setvm
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
        O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
        O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163073439375
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163185838109
        O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
        O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
        O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
        O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
        O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

        SmitfraudFix

        19:59 17.12.2006SmitFraudFix v2.130

        Scan done at 19:55:40,42, su 17.12.2006
        Run from C:\Documents and Settings\Kim\Ty”p”yt„\SmitfraudFix\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» C:\


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

        C:\WINDOWS\system32\ishost.exe FOUND !
        C:\WINDOWS\system32\ismini.exe FOUND !
        C:\WINDOWS\system32\issearch.exe FOUND !
        C:\WINDOWS\system32\ixt?.dll FOUND !
        C:\WINDOWS\system32\ixt??.dll FOUND !
        C:\WINDOWS\system32\olnohdw.dll FOUND !
        C:\WINDOWS\system32\ot.ico FOUND !
        C:\WINDOWS\system32\components\flx?.dll FOUND !
        C:\WINDOWS\system32\components\flx??.dll FOUND !
        C:\WINDOWS\system32\components\flx???.dll FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim\Application Data


        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

        C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Online Security Guide.url FOUND !
        C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Security Troubleshooting.url FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kim\Suosikit


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

        C:\Program Files\Safety Bar\ FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="About:Home"
        "SubscribedURL"="About:Home"
        "FriendlyName"="My Current Home Page"


        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
        "{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"



        »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


        »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


        »»»»»»»»»»»»»»»»»»»»»»»» End

        scannaa hjt:llä merkkaa paibna Fix checked

        O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/ca b/WinAntiVirusPro2006FreeInstall.cab

    Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

    Takaisin ylös

    Luetuimmat keskustelut

    1. Poliisi: Kymmenhenkinen pohjalaisperhe ollut vuoden kateissa kansainvälinen etsintäkuulutus Poliis

      Poliisi: Kymmenhenkinen pohjalaisperhe ollut vuoden kateissa – kansainvälinen etsintäkuulutus Poliisi pyytää yleisön apu
      Maailman menoa
      457
      3908

    2. Tässä totuus jälleensyntymisestä - voit yllättyä

      Jumalasta syntyminen Raamatussa ei tässä Joh. 3:3. ole alkukielen mukaan ollenkaan sanaa uudestisyntyminen, vaan pelkä
      Jälleensyntyminen
      318
      1662

    3. Mitään järkeä?

      Että ollaan erillään? Kummankin pää on kovilla.
      Ikävä
      116
      1486

    4. En kadu sitä, että kohtasin hänet

      mutta kadun sitä, että aloin kirjoittamaan tänne palstalle. Jollain tasolla se saa vain asiat enemmän solmuun ja tekee n
      Ikävä
      89
      1454

    5. Noniin rakas

      Annetaanko pikkuhiljaa jo olla, niin ehkä säilyy vienot hymyt kohdatessa. En edelleenkään halua sulle tai kenellekään mi
      Ikävä
      99
      1388

    6. Oisko mitenkään mahdollisesti ihan pikkuisen ikävä..

      ...edes ihan pikkuisen pikkuisen ikävä sulla mua??.. Että miettisit vaikka vähän missähän se nyt on ja oiskohan hauska n
      Ikävä
      59
      1346

    7. Lapuan sanomissa käy rytinä

      Pistivät sitten päätoimittajan pihalle
      Lapua
      50
      1276

    8. Helena Koivu : Ja kohta mennään taas

      Kohta kohtalon päivä lähestyy kuinka käy Helena Koivulle ? Kenen puolella olet? Jos vastauksesi on Helenan niin voisi
      Kotimaiset julkkisjuorut
      93
      1204

    9. Oot ihana

      Toivottavasti nähdään sattumalta jonain kesäpäivänä♥️🥺🫂
      Ikävä
      44
      1059

    10. Au pair -työ Thaimaassa herättää kiivasta keskustelua somessa: "4cm torakoita, huumeita, tauteja..."

      Au pairit -sarjan uusi kausi herättää keskustelua Suomi24 Keskustelupalvelussa. Mielipiteitä ladataan puolesta ja vastaa
      Tv-sarjat
      33
      1047
    Aihe
    TietosuojaselosteKäyttöehdotEvästeasetuksetSäännöt