|
HjT log
|
|
|
sidari
Suspended due to non-functional email address
|
23 February 2006 @ 00:20 |
|
So, those popups are bothering me. I have read the earlier threads but they don't help. I probably have 5 different spyware/ad-ware/worm/etc. removal programs, but no luck. Here is the HjT log:
Logfile of HijackThis v1.99.1
Scan saved at 5:21:13, on 23.2.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\SiDaRi\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSSc...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\irp6l57s1.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Those who can drive fast only on straightaways are
amateurs. Those who've mastered the corners are middle rank. An advanced driver makes the difference
not in the straightaway or the corners...
|
Senior Member
|
23 February 2006 @ 05:04 |
|
Oh dear, where are the Windows and IE security updates? If you don't get the service packs, the machine will probably get infected again soon. You should also move HijackThis into its own directory (e.g. c:\hjt).
EDIT: judging by that line starting with O20, you seem to have Look2Me.
Here are some instructions (thanks to Rawe):
Download Look2Me-Destroyer.exe (http://www.atribune.org/ccount/click.php?id=7) to your desktop.
* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run the program.
* Tick Run this program as a task.
* You will get a message saying "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK.
* When Look2Me-Destroyer reopens, click the Scan for L2M option; your desktop shortcuts will disappear for a moment, this is normal.
* When the scan is finished, click the Remove L2M option.
* You will get a Done Scanning message; click OK.
* When it is done, you will get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer. Click OK.
* Your computer will shut itself down.
* Start your computer again.
* Post the contents of the file C:\Look2Me-Destroyer.txt along with a new HijackThis log in your post.
If your firewall warns about internet connections for this program, allow them.
If you get runtime error '339', download MSWINSCK.OCX from the following link and place it in your C:\Windows\System32 folder.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Try again.
This post has been edited since it was posted. Last edited 23 February 2006 @ 05:12
|
AfterDawn Addict
|
23 February 2006 @ 05:51 |
|
|
|
|
sidari
Suspended due to non-functional email address
|
23 February 2006 @ 09:41 |
|
So, here it is:
Look2Me-Destroyer V1.0.6
Scanning for infected files.....
Scan started at 23.2.2006 14:48:56
Infected! C:\WINDOWS\system32\irp6l57s1.dll
Infected! C:\WINDOWS\system32\g0lmla311d.dll
Infected! C:\WINDOWS\system32\irp6l57s1.dll
Infected! C:\WINDOWS\System32\guard.tmp
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\irp6l57s1.dll
C:\WINDOWS\system32\irp6l57s1.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\g0lmla311d.dll
C:\WINDOWS\system32\g0lmla311d.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\irp6l57s1.dll
C:\WINDOWS\system32\irp6l57s1.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCD
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
And then the HjT log:
Logfile of HijackThis v1.99.1
Scan saved at 15:01:34, on 23.2.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\SiDaRi\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSSc...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
This post has been edited since it was posted. Last edited 23 February 2006 @ 10:02
|
AfterDawn Addict
|
23 February 2006 @ 10:17 |
|
|
The log is clean. Have the problems gone away? And then off to Windows Update, chop chop.
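The comparison behind the reply above, as an added example that is not part of the original thread: Python code that parses HijackThis entry lines by section code, lists the entries that disappeared between two logs, and extracts the O20 Winlogon Notify DLLs. The sample lines are excerpted from the two logs posted here; the function names are this example's own.

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code such as R0, O4, O20, O23.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Return {section code: set of entry bodies} for one HijackThis log."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m["code"]].add(m["body"].strip())
    return sections

def removed_entries(before, after):
    """Entries present in the first log and absent from the second."""
    b, a = parse_entries(before), parse_entries(after)
    return {code: sorted(b[code] - a.get(code, set()))
            for code in sorted(b) if b[code] - a.get(code, set())}

def winlogon_notify(log_text):
    """O20 'Winlogon Notify' entries as (key name, DLL path) pairs."""
    out = []
    for body in sorted(parse_entries(log_text).get("O20", ())):
        m = re.match(r"Winlogon Notify: (.+?) - (.+)$", body)
        if m:
            out.append((m[1], m[2]))
    return out

# Lines excerpted from the two logs posted in this thread.
BEFORE = r"""O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\irp6l57s1.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe"""
AFTER = r"""O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe"""

if __name__ == "__main__":
    for code, bodies in removed_entries(BEFORE, AFTER).items():
        for body in bodies:
            print(f"removed {code}: {body}")
    print("O20 before:", winlogon_notify(BEFORE))
    print("O20 after: ", winlogon_notify(AFTER))
```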
|
|
sidari
Suspended due to non-functional email address
|
23 February 2006 @ 22:25 |
|
|
No more problems, THANKS for the help. Installing SP2 doesn't work; it complains about the product key. (warez) I have tried many different product keys but it just won't accept them. If someone knew how I could get it installed, I would be up to date again :)
|
|
HolyDiver
Newbie
|
23 February 2006 @ 22:53 |
|
|
Just go to the store and buy a genuine Windows, and the problem is solved.
|
|
|
|
sidari
Suspended due to non-functional email address
|
2 March 2006 @ 09:32 |
|
|
I'm not going to buy it, because Windows Vista is coming soon. Maybe then I could spend those few tenners
|