HJT log

Thread in the Viruses and malware section. Started by Teltti on 06.06.2005.

  1. Teltti

    Teltti Member

    My machine started freezing up, and I noticed that explorer.exe is using 99% of the CPU. I ran M$ AntiSpyware, Spybot and Ad-Aware, and a few nasties turned up. F-Secure's hard disk scan crashes partway through the scan; updates are OK. I downloaded AntiVir, and it found 16 trojans. I managed to remove them. I reinstalled F-Secure and the same thing continues: explorer.exe uses 99% of the CPU. Now I'm at a loss..=) Here is the HJT log I just took, in case some kind soul could take a look.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:22:55, on 6.6.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    G:\Asennetut ohjelmat\photoshop elements 3\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\F-Secure\BackWeb\5006663\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\BackWeb\5006663\Program\fspex.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\5006663\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    G:\Asennetut ohjelmat\photoshop elements 3\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    G:\incoming\hijackthis_199\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ivhyayhzmhqxeskx.com/5UN...Zk9tSgSXHGCJxNAhcp/sWNqoKRI1bA36d6NTHb3V.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.koywmdvezhzisnzqzbum.com/5UNw1Rt5UKrJe1a14cRH26gMa9iRYwn6UAvwaWvatYQ.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [32 Trans] C:\DOCUME~1\Oma\APPLIC~1\AUDIOL~1\IDLE BOOK AMEN.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
    O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - G:\Magic NetTrace\MTIE.exe (file missing)
    O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - G:\Magic NetTrace\MTIE.exe (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: HotWhois - {CF4DA62E-8A85-4C89-8232-F555BC352B0B} - G:\HotWhois\AWIE.exe (file missing)
    O9 - Extra 'Tools' menuitem: &HotWhois - {CF4DA62E-8A85-4C89-8232-F555BC352B0B} - G:\HotWhois\AWIE.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: FolderGuard - G:\Asennetut ohjelmat\Folder Guard\FGuard32.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - G:\Asennetut ohjelmat\photoshop elements 3\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Saunalahden Turvapaketti (BackWeb Client - 5006663) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\5006663\Program\SERVIC~1.EXE
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\5006663\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - G:\Asennetut ohjelmat\photoshop elements 3\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

     
  3. morsku

    morsku Guest

  4. V-kos

    V-kos Regular member

    You too: put HJT in the right place before any fixing.
    C:\hjt\hijackthis.exe <- it should look like that

    Then remove Messenger Plus with Add/Remove Programs.

    Why? Well, it's at least partly to blame for this mess.

    Then fold your hands, close your eyes and wait for someone kind enough to tell you what all needs fixing.
     
  5. morsku

    morsku Guest

    Hehe, I was faster than you :p
     
  6. V-kos

    V-kos Regular member

    Argh! I was definitely faster, but I just have a slower connection, so I lost by a nanosecond.
     
  7. Teltti

    Teltti Member

    eScan's findings:

    File C:\Documents and Settings\All Users\Application Data\admin bags peak dart\boneblah.exe tagged as not-a-virus:AdWare.Lop.p. No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\admin bags peak dart\mags hole.exe tagged as not-a-virus:AdWare.Lop.p. No Action Taken.
    File C:\Documents and Settings\Oma\Application Data\audioloveooze\byyatknm.exe tagged as not-a-virus:AdWare.Lop.p. No Action Taken.
    File C:\Documents and Settings\Oma\Application Data\audioloveooze\hpcwpczb.exe tagged as not-a-virus:AdWare.Lop.p. No Action Taken.
    File C:\Documents and Settings\Oma\Omat tiedostot\Vastaanotetut tiedostot\Tom Clancy'S Splinter Cell - Chaos Theory Crack-Serial-Keygen.zip tagged as not-a-virus:porn-Dialer.Win32.Intexdial. No Action Taken.
    File C:\Program Files\FileSubmit\Neo Matrix 3D ScreenSaver\NNEZTA388.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
    File C:\Program Files\FileSubmit\Neo Matrix 3D ScreenSaver\TBEZA127Q.exe tagged as not-a-virus:AdWare.ToolBar.Quick.a. No Action Taken.
    File C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\36C67F56-AD0A-4BB1-9D68-D97CBC\2709431B-E5E4-493B-B17A-D54007 tagged as not-a-virus:AdWare.ToolBar.HyperBar.b. No Action Taken.
    File C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\36C67F56-AD0A-4BB1-9D68-D97CBC\6F9324C5-DCCA-4896-BBC3-CD1259 tagged as not-a-virus:AdWare.ToolBar.HyperBar.b. No Action Taken.
    File C:\Program Files\GIANT Company Software\GIANT AntiSpyware\Quarantine\B03306BB-0BA3-4C2F-B14D-A7375F\8EC2094B-D3C5-40AA-A95E-1EF195 tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
    File C:\Program Files\Microsoft AntiSpyware\Quarantine\37648B10-BC93-4D68-9BB7-2CB96D\56702769-765B-4588-866A-4E228F tagged as not-a-virus:AdWare.Sahat.m. No Action Taken.
    File C:\Program Files\Serv-U\servu5corporate.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
    File C:\Program Files\Serv-U\ServUDaemon.exe tagged as not-a-virus:Server-FTP.Win32.Serv-U.5000. No Action Taken.
    File C:\Program Files\Serv-U\ServUTray.exe tagged as not-a-virus:Server-FTP.Win32.Serv-U.5201. No Action Taken.
    File C:\temp\MediaAccessInstPack.exe tagged as not-a-virus:AdWare.WinAD.ap. No Action Taken.
    File G:\Asennetut ohjelmat\Aida32\aida32.exe tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.
    File G:\Asennetut ohjelmat\Aida32\aida_directx.dll tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.
    File G:\DC\Kräkkejä, Avaimia ja Ohjeita\Flatout crack-serial-keygen.zip tagged as not-a-virus:porn-Dialer.Win32.Intexdial. No Action Taken.
    File G:\DC\Ohjelmia\AIDA3237.ZIP tagged as not-a-virus:Tool.Win32.AIDA.3862. No Action Taken.
    File G:\DC\Ohjelmia\Azureus_2.1.0.4_Win32.setup.0xe infected by "Trojan.Win32.Zapchast" Virus. Action Taken: File Deleted.
    File G:\DC\Ohjelmia\bittorrent-3.4.1.0xe infected by "Trojan-Downloader.Win32.Swizzor.k" Virus. Action Taken: File Deleted.
    File G:\DC\Ohjelmia\WarezP2P.exe tagged as not-a-virus:AdWare.ToolBar.HyperBar.b. No Action Taken.
    File G:\System Volume Information\_restore{B7B34447-99B9-4AA4-A2A8-5FA8107EE999}\RP514\A0154967.exe tagged as not-a-virus:porn-Dialer.Win32.Intexdial. No Action Taken.
     
    Last edited: 07.06.2005
  8. V-kos

    V-kos Regular member

    Use that edit button and post [bold] a new HJT log after the eScan run [/bold], and put the eScan findings there in place of the previous log. Then Toymaatti can happily start working on them again :)
     
    Last edited: 06.06.2005
  9. Teltti

    Teltti Member

    ..and the new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:15:15, on 7.6.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    G:\Asennetut ohjelmat\photoshop elements 3\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\F-Secure\BackWeb\5006663\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\BackWeb\5006663\Program\fspex.exe
    C:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\5006663\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    G:\Asennetut ohjelmat\photoshop elements 3\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ivhyayhzmhqxeskx.com/5UN...Zk9tSgSXHGCJxNAhcp/sWNqoKRI1bA36d6NTHb3V.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.koywmdvezhzisnzqzbum.com/5UNw1Rt5UKrJe1a14cRH26gMa9iRYwn6UAvwaWvatYQ.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure\FSGUI\FSSW.EXE" /reboot
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
    O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Conceptronic\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: HotWhois - {CF4DA62E-8A85-4C89-8232-F555BC352B0B} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &HotWhois - {CF4DA62E-8A85-4C89-8232-F555BC352B0B} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O20 - Winlogon Notify: FolderGuard - G:\Asennetut ohjelmat\Folder Guard\FGuard32.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - G:\Asennetut ohjelmat\photoshop elements 3\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Saunalahden Turvapaketti (BackWeb Client - 5006663) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\5006663\Program\SERVIC~1.EXE
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Conceptronic\Bluetooth Software\bin\btwdins.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\5006663\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - G:\Asennetut ohjelmat\photoshop elements 3\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     
  10. Toymaatti

    Toymaatti Active member

    Make hidden files visible
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

    Turn this off for the duration of the fix
    Microsoft AntiSpyware

    Remove this via Add/Remove Programs
    iMeshBar

    Tick these in HJT, close the browser and other windows, click Fix
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ivhyayhzmhqxeskx.com/5UNw1Rt5UKqU2asktrOQvjQ7Zk9tSgSXH...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.koywmdvezhzisnzqzbum.com/5UNw1Rt5UKrJe1a14cRH26gMa9iRY...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
    O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

    Boot into safe mode and delete these
    C:\Program Files\===>iMeshBar<===
    C:\Documents and Settings\All Users\Application Data\===>admin bags peak dart<===
    C:\Documents and Settings\Oma\Application Data\===>audioloveooze<===
    C:\Program Files\===>Serv-U<===

    Empty temp
    C:\temp

    With these you can decide for yourself what to do
    C:\Documents and Settings\Oma\Omat tiedostot\Vastaanotetut tiedostot\Tom Clancy'S Splinter Cell - Chaos Theory Crack-Serial-Keygen.zip tagged as not-a-virus:porn-Dialer.Win32.Intexdial.
    C:\Program Files\FileSubmit\Neo Matrix 3D ScreenSaver\NNEZTA388.exe tagged as not-a-virus:AdWare.NewDotNet
    C:\Program Files\FileSubmit\Neo Matrix 3D ScreenSaver\TBEZA127Q.exe tagged as not-a-virus:AdWare.ToolBar.Quick.a.
    G:\DC\Kräkkejä, Avaimia ja Ohjeita\Flatout crack-serial-keygen.zip tagged as not-a-virus:porn-Dialer.Win32.Intexdial
    G:\DC\Ohjelmia\WarezP2P.exe tagged as not-a-virus:AdWare.ToolBar.HyperBar.b.

    Boot normally and clean out System Restore, and then it should be fine.
    http://support.f-secure.fi/fin/home/virusproblem/howtoclean/cleansystemrestore.shtml
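
Added example (not part of the thread and not any poster's code): a Python script that parses HijackThis entry lines, compares the two scans posted above to confirm which entries disappeared, and flags entries worth a closer look. The sample lines are excerpted from the thread's logs; the function names and the flagging heuristics are assumptions of this example.

```python
import re

# An entry line is "<section code> - <detail>", e.g. "O4 - HKCU\..\Run: [x] path".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")

# Sample input: entry lines excerpted from the first and second scan in this thread.
BEFORE_LOG = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [32 Trans] C:\DOCUME~1\Oma\APPLIC~1\AUDIOL~1\IDLE BOOK AMEN.exe
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""
AFTER_LOG = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_entries(log_text):
    """Return (code, detail) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_scans(before, after):
    """Return (removed, added) entries between two scans, keeping log order."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def triage(entry):
    """Return the reasons an entry deserves review (heuristics assumed for this example)."""
    code, detail = entry
    low = detail.lower()
    reasons = []
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned: registered target file is gone")
    if code == "O4":
        if "applic~1" in low or "application data" in low:
            reasons.append("autostart from a user-profile data directory")
        command = detail.split("] ", 1)[-1]
        if "\\" not in command:
            # Bare file name: the log does not show which file actually runs.
            reasons.append("autostart command has no explicit path")
    if code == "O20" and low.startswith("appinit_dlls"):
        reasons.append("AppInit_DLLs: loaded into every process that loads user32.dll")
    return reasons


def flag_all(entries):
    """Return [(entry, reasons)] for the entries that triggered at least one heuristic."""
    return [(e, r) for e in entries for r in [triage(e)] if r]


if __name__ == "__main__":
    before, after = parse_entries(BEFORE_LOG), parse_entries(AFTER_LOG)
    removed, added = diff_scans(before, after)
    for code, detail in removed:
        print("gone :", code, "-", detail)
    for code, detail in added:
        print("new  :", code, "-", detail)
    for (code, detail), reasons in flag_all(before):
        print("check:", code, "-", detail, "->", "; ".join(reasons))
```

A flag only marks an entry for manual review; legitimate software can trigger every one of these heuristics.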
     
  11. ChampiO

    ChampiO Regular member

    Looks like Teltti has warez on their machine.
     
  12. Teltti

    Teltti Member

    I can't find that iMeshBar in Add/Remove Programs...
     
  13. Toymaatti

    Toymaatti Active member

    And nothing else starting with iMesh either? If not, then otherwise do the fix as I advised.
     
  14. Teltti

    Teltti Member

    Now this machine runs like clockwork. Many thanks to you, Toymaatti, and to everyone else too! I also cleaned the inside of the machine, so now that shines too, like a priest's cock at a wedding..=)
     
  15. morsku

    morsku Guest

    iMeshBar comes along with the iMesh warez program.. I'd recommend removing the whole program. (I hear you get viruses from it)
     
  16. Teltti

    Teltti Member

    Yep. I downloaded it from this site.. I wonder if it should be removed from here so the same doesn't happen to others?
     
  17. morsku

    morsku Guest

    Well, I at least would remove it. If only I could. :)
     
    Last edited by a moderator: 07.06.2005