Ei onnistunut.

Viestiketju Windows -ongelmat -osiossa. Ketjun avasi JaPeVu 23.11.2004.

  1. JaPeVu

    JaPeVu Regular member

    Liittynyt:
    30.09.2004
    Viestejä:
    198
    Kiitokset:
    0
    Pisteet:
    26
    Suoritin kyseiset toimenpiteet ja se sama aloitus sivu tulee edelleenkin. Viiruksia löytyi:

    Worm_rbot.b
    troy_dialui.b
    troy_small.vn
    troy_wintrim.cd
    troy_holica.c
    html_winshow.a

    Yritin poistaa tota svs****.exe mutta se tulee takaisin

    Laitan uuden login:

    Logfile of HijackThis v1.98.2
    Scan saved at 20:38:30, on 23.11.2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\iau.exe
    C:\WINDOWS\stisvsq.exe
    C:\WINDOWS\msqdevl.exe
    C:\WINDOWS\mservice.exe
    C:\WINDOWS\lssas.exe
    C:\WINDOWS\svshost.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\WINDOWS\regedit.exe
    D:\Jani\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Marita & Pojat\Application Data\Mozilla\Profiles\default\kpdj55xa.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Marita & Pojat\Application Data\Mozilla\Profiles\default\kpdj55xa.slt\prefs.js)
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
    O2 - BHO: (no name) - {01822570-43E7-3BB4-310B-C31D3DD82409} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {37782E1D-932F-43C8-9DC6-A4862EC2B9F7} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
    O2 - BHO: (no name) - {DB1EC062-FA0E-7E65-4CAE-4DB588BE5CF1} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
    O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
    O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
    O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
    O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
    O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
    O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
    O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
    O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
    O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
    O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Marita\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fi/games4.cab
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab

     
  2.  
  3. turska

    turska Regular member

    Liittynyt:
    20.10.2004
    Viestejä:
    4,040
    Kiitokset:
    0
    Pisteet:
    46
    Muutamassa paikassa on vielä toi svs****.exe,eli noi ainakin pois.
    C:\WINDOWS\svshost.exe
    O4 - HKCU\..\Run: [Games Acceleration] svshost.exe

    Hae toi Regseeker,aja ja poista rekisteristä kaikki mitkä viittaa tohon svs****.exe:n.
    http://www.hoverdesk.net/freeware.htm
     
  4. ricardo

    ricardo Guest

    Helpoin konsti on napata kovo irti ja asentaa se kaverin koneeseen kakkoslevyksi ja ajaa siellä virus- ja spywaretestit läpi.Edellyttää tietenkin,että kaverisi kone on taatusti puhdasja että tiedostojärjestelmät ovat yhteensopivia(98 ja Me ei tunnista NTFS-järjestelmää).
     
  5. Jubez

    Jubez Regular member

    Liittynyt:
    04.05.2004
    Viestejä:
    359
    Kiitokset:
    0
    Pisteet:
    26
    Ja jos kaverin koneessa käyttö ei auta ni format C: auttaa aina. Ei se oo ku parin tunnin keikka asentaa windows uusiks.
     

Jaa tämä sivu