|
Kone toimii hitaasti, packed.win32.klone.t??
|
|
|
jphirvon
Newbie
|
18. tammikuuta 2007 @ 19:36 |
Linkki tähän viestiin
|
Moi!
Tietsikka on toiminut hitaasti, lataa outoja sivuja ja en saa vikaa korjattua Ad-aware:lla, enkä spybotin sd:llä. F-securen client security ilmoittaa mm. packed.win32.klone.t:stä.
Apua?
Logfile of HijackThis v1.99.1
Scan saved at 0:22:06, on 19.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\o2flash.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Downloads\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0.9\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\qelanxlp.dll (file missing)
O2 - BHO: (no name) - {D8E3F3B0-C595-4913-8217-AD3312CC5885} - C:\WINDOWS\system32\jkhfg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\yvyncuga.dll",setvm
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0.9\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9E1F1D3-A006-4E94-8E3E-765309EF6A79}: NameServer = 157.24.100.6,157.24.8.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\System32\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
|
|
jphirvon
Newbie
|
18. tammikuuta 2007 @ 22:25 |
Linkki tähän viestiin
|
|
Skannasin Escan:lla, Virus logi:
File C:\WINDOWS\system32\jkhfg.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.fp. No Action Taken.
File C:\WINDOWS\system32\ahoyukht.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ahuwyhec.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ascfebet.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\bedfuvxu.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\euintsps.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\gpnqywen.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\iposwdwd.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ft. No Action Taken.
File C:\WINDOWS\system32\jkhfg.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.fp. No Action Taken.
File C:\WINDOWS\system32\jsgihfsw.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ft. No Action Taken.
File C:\WINDOWS\system32\jvxgpoud.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gf. No Action Taken.
File C:\WINDOWS\system32\lgqbnhfj.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ljsvqjds.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\qstsbast.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\queytsak.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ttoshxvd.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ft. No Action Taken.
File C:\WINDOWS\system32\unsvchosts.exe tagged as not-a-virus:RiskTool.Win32.Starter.a. No Action Taken.
File C:\WINDOWS\system32\wcghkixo.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\wnvelxss.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\xuiwptyp.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\yvyncuga.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ft. No Action Taken.
File C:\WINDOWS\system32\ahoyukht.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ahuwyhec.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ascfebet.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\bedfuvxu.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\euintsps.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\gpnqywen.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\iposwdwd.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ft. No Action Taken.
File C:\WINDOWS\system32\jkhfg.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.fp. No Action Taken.
File C:\WINDOWS\system32\jsgihfsw.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ft. No Action Taken.
File C:\WINDOWS\system32\jvxgpoud.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gf. No Action Taken.
File C:\WINDOWS\system32\lgqbnhfj.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ljsvqjds.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\qstsbast.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\queytsak.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\ttoshxvd.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ft. No Action Taken.
File C:\WINDOWS\system32\unsvchosts.exe tagged as not-a-virus:RiskTool.Win32.Starter.a. No Action Taken.
File C:\WINDOWS\system32\wcghkixo.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\wnvelxss.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\xuiwptyp.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\system32\yvyncuga.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ft. No Action Taken.
|
|
Hujo
Suspended permanently
|
19. tammikuuta 2007 @ 06:17 |
Linkki tähän viestiin
|
Lataa VundoFix.exe
http://www.atribune.org/ccount/click.php?id=4 työpöydällesi.
? Tupla-klikkaa VundoFix.exe ajaaksesi sen.
? Klikkaa Scan for Vundo valintaa.
? Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
? Sinulta kysytään haluatko poistaa filut - klikkaa YES.
? Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
? Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
? Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.
Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.
Voiko tietsikka koskaan toimia?
|
|
jphirvon
Newbie
|
19. tammikuuta 2007 @ 08:09 |
Linkki tähän viestiin
|
VundoFix:n tallentama tiedosto:
VundoFix V6.3.2
Checking Java version...
Java version is 1.5.0.6
Scan started at 12:46:49 19.1.2007
Listing files found while scanning....
C:\WINDOWS\system32\agucnyvy.ini
C:\WINDOWS\system32\ahoyukht.exe
C:\WINDOWS\system32\ahuwyhec.exe
C:\WINDOWS\system32\ascfebet.exe
C:\WINDOWS\system32\asdhqopm.exe
C:\WINDOWS\system32\bedfuvxu.exe
C:\WINDOWS\system32\duopgxvj.ini
C:\WINDOWS\system32\dwdwsopi.ini
C:\WINDOWS\system32\dvxhsott.ini
C:\WINDOWS\system32\euintsps.exe
C:\WINDOWS\system32\gpnqywen.exe
C:\WINDOWS\system32\iposwdwd.dll
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jsgihfsw.dll
C:\WINDOWS\system32\jvxgpoud.dll
C:\WINDOWS\system32\lgqbnhfj.exe
C:\WINDOWS\system32\ljsvqjds.exe
C:\WINDOWS\system32\qelanxlp.dll
C:\WINDOWS\system32\qstsbast.exe
C:\WINDOWS\system32\queytsak.exe
C:\WINDOWS\system32\rqrspnk.dll
C:\WINDOWS\system32\ttoshxvd.dll
C:\WINDOWS\system32\wcghkixo.exe
C:\WINDOWS\system32\wnvelxss.exe
C:\WINDOWS\system32\wsfhigsj.ini
C:\WINDOWS\system32\xuiwptyp.exe
C:\WINDOWS\system32\yvyncuga.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\agucnyvy.ini
C:\WINDOWS\system32\agucnyvy.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ahoyukht.exe
C:\WINDOWS\system32\ahoyukht.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ahuwyhec.exe
C:\WINDOWS\system32\ahuwyhec.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ascfebet.exe
C:\WINDOWS\system32\ascfebet.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\asdhqopm.exe
C:\WINDOWS\system32\asdhqopm.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\bedfuvxu.exe
C:\WINDOWS\system32\bedfuvxu.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\duopgxvj.ini
C:\WINDOWS\system32\duopgxvj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\dwdwsopi.ini
C:\WINDOWS\system32\dwdwsopi.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\dvxhsott.ini
C:\WINDOWS\system32\dvxhsott.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\euintsps.exe
C:\WINDOWS\system32\euintsps.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\gpnqywen.exe
C:\WINDOWS\system32\gpnqywen.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\iposwdwd.dll
C:\WINDOWS\system32\iposwdwd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhfg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jsgihfsw.dll
C:\WINDOWS\system32\jsgihfsw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jvxgpoud.dll
C:\WINDOWS\system32\jvxgpoud.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lgqbnhfj.exe
C:\WINDOWS\system32\lgqbnhfj.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljsvqjds.exe
C:\WINDOWS\system32\ljsvqjds.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qstsbast.exe
C:\WINDOWS\system32\qstsbast.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\queytsak.exe
C:\WINDOWS\system32\queytsak.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqrspnk.dll
C:\WINDOWS\system32\rqrspnk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttoshxvd.dll
C:\WINDOWS\system32\ttoshxvd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wcghkixo.exe
C:\WINDOWS\system32\wcghkixo.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\wnvelxss.exe
C:\WINDOWS\system32\wnvelxss.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\wsfhigsj.ini
C:\WINDOWS\system32\wsfhigsj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xuiwptyp.exe
C:\WINDOWS\system32\xuiwptyp.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\yvyncuga.dll
C:\WINDOWS\system32\yvyncuga.dll Has been deleted!
Performing Repairs to the registry.
Done!
Ja tuore HjT -logi:
Logfile of HijackThis v1.99.1
Scan saved at 13:05:21, on 19.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\System32\o2flash.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0.9\Reader\reader_sl.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0.9\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD1DDBE-FAC5-4DDE-8CEC-B87CD950C253} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0.9\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9E1F1D3-A006-4E94-8E3E-765309EF6A79}: NameServer = 157.24.100.6,157.24.8.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\System32\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
|
|
Hujo
Suspended permanently
|
19. tammikuuta 2007 @ 08:24 |
Linkki tähän viestiin
|
scannaa hjt:llä merkkaa paina Fix checked
O2 - BHO: (no name) - {0AD1DDBE-FAC5-4DDE-8CEC-B87CD950C253} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
Käynnistä > suorita kirjoita alla olevat ja jokasisen rivin jälkeen paina ok
sc stop NipSvc
sc delete NipSvc
poista vikasiedossa
C:\VIRUSfighter\Nvc
C:\VIRUSfighter <--- onkos tuossa muuta jos ei ole poista kokonaan
otas vielä Vundofix ajo
laita myös uusi HjT loki
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 19. tammikuuta 2007 @ 08:30
|
|
jphirvon
Newbie
|
19. tammikuuta 2007 @ 09:07 |
Linkki tähän viestiin
|
VundoFix V6.3.2
Checking Java version...
Java version is 1.5.0.6
Scan started at 12:46:49 19.1.2007
Listing files found while scanning....
C:\WINDOWS\system32\agucnyvy.ini
C:\WINDOWS\system32\ahoyukht.exe
C:\WINDOWS\system32\ahuwyhec.exe
C:\WINDOWS\system32\ascfebet.exe
C:\WINDOWS\system32\asdhqopm.exe
C:\WINDOWS\system32\bedfuvxu.exe
C:\WINDOWS\system32\duopgxvj.ini
C:\WINDOWS\system32\dwdwsopi.ini
C:\WINDOWS\system32\dvxhsott.ini
C:\WINDOWS\system32\euintsps.exe
C:\WINDOWS\system32\gpnqywen.exe
C:\WINDOWS\system32\iposwdwd.dll
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jsgihfsw.dll
C:\WINDOWS\system32\jvxgpoud.dll
C:\WINDOWS\system32\lgqbnhfj.exe
C:\WINDOWS\system32\ljsvqjds.exe
C:\WINDOWS\system32\qelanxlp.dll
C:\WINDOWS\system32\qstsbast.exe
C:\WINDOWS\system32\queytsak.exe
C:\WINDOWS\system32\rqrspnk.dll
C:\WINDOWS\system32\ttoshxvd.dll
C:\WINDOWS\system32\wcghkixo.exe
C:\WINDOWS\system32\wnvelxss.exe
C:\WINDOWS\system32\wsfhigsj.ini
C:\WINDOWS\system32\xuiwptyp.exe
C:\WINDOWS\system32\yvyncuga.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\agucnyvy.ini
C:\WINDOWS\system32\agucnyvy.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ahoyukht.exe
C:\WINDOWS\system32\ahoyukht.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ahuwyhec.exe
C:\WINDOWS\system32\ahuwyhec.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ascfebet.exe
C:\WINDOWS\system32\ascfebet.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\asdhqopm.exe
C:\WINDOWS\system32\asdhqopm.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\bedfuvxu.exe
C:\WINDOWS\system32\bedfuvxu.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\duopgxvj.ini
C:\WINDOWS\system32\duopgxvj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\dwdwsopi.ini
C:\WINDOWS\system32\dwdwsopi.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\dvxhsott.ini
C:\WINDOWS\system32\dvxhsott.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\euintsps.exe
C:\WINDOWS\system32\euintsps.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\gpnqywen.exe
C:\WINDOWS\system32\gpnqywen.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\iposwdwd.dll
C:\WINDOWS\system32\iposwdwd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhfg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jsgihfsw.dll
C:\WINDOWS\system32\jsgihfsw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jvxgpoud.dll
C:\WINDOWS\system32\jvxgpoud.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lgqbnhfj.exe
C:\WINDOWS\system32\lgqbnhfj.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljsvqjds.exe
C:\WINDOWS\system32\ljsvqjds.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\qstsbast.exe
C:\WINDOWS\system32\qstsbast.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\queytsak.exe
C:\WINDOWS\system32\queytsak.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqrspnk.dll
C:\WINDOWS\system32\rqrspnk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttoshxvd.dll
C:\WINDOWS\system32\ttoshxvd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wcghkixo.exe
C:\WINDOWS\system32\wcghkixo.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\wnvelxss.exe
C:\WINDOWS\system32\wnvelxss.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\wsfhigsj.ini
C:\WINDOWS\system32\wsfhigsj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xuiwptyp.exe
C:\WINDOWS\system32\xuiwptyp.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\yvyncuga.dll
C:\WINDOWS\system32\yvyncuga.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.2
Checking Java version...
Java version is 1.5.0.6
Scan started at 13:52:10 19.1.2007
Listing files found while scanning....
C:\WINDOWS\system32\qelanxlp.dll
Beginning removal...
Performing Repairs to the registry.
Done!
Hjt -logi:
Logfile of HijackThis v1.99.1
Scan saved at 14:00:55, on 19.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\o2flash.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 7.0.9\Reader\reader_sl.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Downloads\HijackThis_v1.99.1.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0.9\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0.9\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9E1F1D3-A006-4E94-8E3E-765309EF6A79}: NameServer = 157.24.100.6,157.24.8.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\System32\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Ja C:\VIRUSfighter ei löytynyt..
|
|
Hujo
Suspended permanently
|
19. tammikuuta 2007 @ 13:38 |
Linkki tähän viestiin
|
|
Vielä vuondofix uudestaan
Voiko tietsikka koskaan toimia?
|
|
jphirvon
Newbie
|
19. tammikuuta 2007 @ 15:13 |
Linkki tähän viestiin
|
Ajoin myös HjT:n. Kone on nyt huomattavasti nopeampi. Ilmeisesti joku "ökö" koneella vielä on, se sano "hellou!"
Logfile of HijackThis v1.99.1
Scan saved at 20:02:30, on 19.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\o2flash.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0.9\Reader\reader_sl.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Downloads\HijackThis_v1.99.1.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0.9\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0.9\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9E1F1D3-A006-4E94-8E3E-765309EF6A79}: NameServer = 157.24.100.6,157.24.8.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\System32\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Ja VundoFix:n -logi:
VundoFix V6.3.2
Checking Java version...
Java version is 1.5.0.6
Scan started at 19:53:00 19.1.2007
Listing files found while scanning....
C:\WINDOWS\system32\qelanxlp.dll
Beginning removal...
Performing Repairs to the registry.
Done!
Ja hei, KIITOS avusta!
|
|
Hujo
Suspended permanently
|
19. tammikuuta 2007 @ 15:49 |
Linkki tähän viestiin
|
Lataa killbox
http://www.bleepingcomputer.com/files/spyware/KillBox.zip
Pura,avaa ja täppi kohtaan Delete on Reboot
Sitte kopioi rivi tosta alapuolelta yhellä kertaa
C:\WINDOWS\system32\qelanxlp.dll
Sitten KillBoxissa ylhäältä File > Paste from Clipboard
Valitse "All Files".Sen jälkeen paina Delete (punainen, jossa on valkonen X)
Vastaa myöntävästi kysymyksiin ja jos kone ei itestään käynnisty uudestaan,niin käynnistä se.
se on tuo mainos mikä huutelee
Voiko tietsikka koskaan toimia?
|
|
jphirvon
Newbie
|
19. tammikuuta 2007 @ 16:24 |
Linkki tähän viestiin
|
Killbox ei löydä tiedostoa C:\WINDOWS\system32\qelanxlp.dll.
VundoFix V6.3.2
Checking Java version...
Java version is 1.5.0.6
Scan started at 20:57:51 19.1.2007
Listing files found while scanning....
C:\WINDOWS\system32\qelanxlp.dll
Beginning removal...
Performing Repairs to the registry.
Done!
Ja
Logfile of HijackThis v1.99.1
Scan saved at 21:21:54, on 19.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\o2flash.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Janne\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0.9\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0.9\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9E1F1D3-A006-4E94-8E3E-765309EF6A79}: NameServer = 157.24.100.6,157.24.8.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\System32\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
|
|
Hujo
Suspended permanently
|
19. tammikuuta 2007 @ 16:31 |
Linkki tähän viestiin
|
|
laita piilotiedostot näkyviin
* Klikkaa Käynnistä.
* Avaa Oma Tietokone.
* Valitse Työkalut ylämenusta ja klikkaa Kansion asetukset.
* Valitse Näytä välilehti.
* Piilotiedostot/kansiot kohdalla valitse Näytä piilotetut tiedostot ja kansiot.
* Poista rasti ruudusta -> Piilota suojatut käyttöjärjestelmätiedostot
* Klikkaa Kyllä varmistaaksesi muutokset.
* Klikkaa OK.
etsi tuo sitten ja poista
C:\WINDOWS\system32\qelanxlp.dll
laita sen jälkeen piilotiedostot pois näkyvistä
Voiko tietsikka koskaan toimia?
|
|
Mainos
|
|
|
|
jphirvon
Newbie
|
20. tammikuuta 2007 @ 19:54 |
Linkki tähän viestiin
|
|
Laitoin piilotiedostot näkyviin, ei mitään muutosta. Killbox ilmoittaa: "PendingFileRenameOperations Registry Data has been Removed by External Process!"
|
