
Computer and internet really slow, HJT log

Thread in the Viruses and malware - HijackThis logs section. Thread started by Artsi112 on 03.03.2007.

  1. Artsi112

    Artsi112 Guest

    Hi!
    The computer has been really slow lately and so on, and every time I start it up, 2-3 viruses are found

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    c:\windows\system32\sentinel.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Arto Heino(Pomo)\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1B247F20-B54A-455C-BBD0-55BEAAEE4C2D} - C:\WINDOWS\system32\geede.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\tleqxrjo.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [veobgyc.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Arto Heino(Pomo)\Local Settings\Application Data\veobgyc.dll",lhtsuhd
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138695625171
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
    O20 - Winlogon Notify: xxywtqp - xxywtqp.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sentinel - - c:\windows\system32\sentinel.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     
  3. Hujo

    Hujo Guest

    Download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo option.
    When the scan is complete, click the Remove Vundo option.
    You will be asked whether you want to remove the files - click YES.
    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    When it is done, the fix will announce that it is going to restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    Note: It is possible that VundoFix found a file that it could not remove.
    In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo option.", when VundoFix appears after the restart.
     
  4. Artsi112

    Artsi112 Guest

    VundoFix V6.3.12

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 13:39:57 4.3.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\dbdyamac.dll
    C:\WINDOWS\system32\edeeg.bak1
    C:\WINDOWS\system32\edeeg.bak2
    C:\WINDOWS\system32\edeeg.ini
    C:\WINDOWS\system32\edeeg.ini2
    C:\WINDOWS\system32\edeeg.tmp
    C:\WINDOWS\system32\geede.dll
    C:\WINDOWS\system32\ydgywohm.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\dbdyamac.dll
    C:\WINDOWS\system32\dbdyamac.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\edeeg.bak1
    C:\WINDOWS\system32\edeeg.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\edeeg.bak2
    C:\WINDOWS\system32\edeeg.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\edeeg.ini
    C:\WINDOWS\system32\edeeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\edeeg.ini2
    C:\WINDOWS\system32\edeeg.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\edeeg.tmp
    C:\WINDOWS\system32\edeeg.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!


    Logfile of HijackThis v1.99.1
    Scan saved at 13:50:38, on 4.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\windows\system32\sentinel.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\BHODemon 2\BHODemon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Arto Heino(Pomo)\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1B247F20-B54A-455C-BBD0-55BEAAEE4C2D} - C:\WINDOWS\system32\geede.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138695625171
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
    O20 - Winlogon Notify: xxywtqp - xxywtqp.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sentinel - - c:\windows\system32\sentinel.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


    there they are, is it clean?
     
  5. Hujo

    Hujo Guest

    Remove those Javas via Add/Remove Programs

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10


    Scan with HJT, tick these and press Fix checked

    O2 - BHO: (no name) - {1B247F20-B54A-455C-BBD0-55BEAAEE4C2D} - C:\WINDOWS\system32\geede.dll (file missing)
    O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll (file missing)
    O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
    O20 - Winlogon Notify: xxywtqp - xxywtqp.dll (file missing)
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

    Start > Run: type the lines below, pressing Enter after each line

    sc stop NipSvc
    sc delete NipSvc

    In safe mode, delete the folder

    C:\Norman

    Then, in normal mode, run this once more:
    Vundofix

    Then also run eScan.
    Instructions are on this page.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    download from here
    http://www.spywareinfo.dk/download/mwav.exe
    update from here
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    tick the boxes as marked here
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    Scan

    If anything shows up in the lower pane, copy it like this:
    Use Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here.

    Post the logs, with a new HJT log last
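
The "Fix checked" list in the post above can be reproduced by comparing the HijackThis log taken before VundoFix with the one taken after it. This is an added example, not part of the thread and not code from HijackThis or VundoFix; `parse_log` and `compare_logs` are hypothetical names, and the sample lines are excerpts copied from the two logs posted above.

```python
import re

# One HijackThis entry: section code, entry text, optional "(file missing)" marker.
ENTRY_RE = re.compile(
    r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*?)(?P<missing> \(file missing\))?$"
)

# Excerpt of the log posted before VundoFix was run (lines copied from the thread).
BEFORE = r"""
O2 - BHO: (no name) - {1B247F20-B54A-455C-BBD0-55BEAAEE4C2D} - C:\WINDOWS\system32\geede.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\tleqxrjo.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [veobgyc.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Arto Heino(Pomo)\Local Settings\Application Data\veobgyc.dll",lhtsuhd
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxywtqp - xxywtqp.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Excerpt of the log posted after VundoFix was run (lines copied from the thread).
AFTER = r"""
O2 - BHO: (no name) - {1B247F20-B54A-455C-BBD0-55BEAAEE4C2D} - C:\WINDOWS\system32\geede.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxywtqp - xxywtqp.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""


def parse_log(text):
    """Map (section code, entry text) -> True if the entry is marked '(file missing)'."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # headers, the process list and blank lines do not match
            entries[(m["code"], m["body"])] = m["missing"] is not None
    return entries


def compare_logs(before_text, after_text):
    """Classify entries by how they changed between two scans."""
    before, after = parse_log(before_text), parse_log(after_text)
    return {
        # Registry entry gone after the cleanup tool ran.
        "removed": sorted(k for k in before if k not in after),
        # File was deleted but the registry entry still points at it.
        "newly_orphaned": sorted(
            k for k in after if after[k] and k in before and not before[k]
        ),
        # Marked missing in both scans. Review before fixing: ashMaiSv.exe is
        # listed under "Running processes" in the same log, so the marker
        # alone is a triage hint, not a verdict.
        "already_orphaned": sorted(k for k in after if after[k] and before.get(k)),
        # New since the first scan; worth a look after any cleanup.
        "added": sorted(k for k in after if k not in before),
    }


if __name__ == "__main__":
    for category, items in compare_logs(BEFORE, AFTER).items():
        print(category)
        for code, body in items:
            print(f"  {code} - {body}")
```

The `newly_orphaned` group is the geede.dll pair that appears in the fix list; `already_orphaned` mixes a real leftover with an entry whose file is demonstrably present.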
     
  6. Artsi112

    Artsi112 Guest

    Huh, I don't get that update thing, how do you update it?
     
  7. Hujo

    Hujo Guest

    When you click this
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat

    what happens? An icon with a yellow cogwheel in a window appears on the desktop, with Mwav <-- underneath like that.

    Double-click it and a black window comes up; follow the instructions, it asks you to press a key now and then.
     
    Last edited by a moderator: 04.03.2007
  8. Artsi112

    Artsi112 Guest

    oh yeah, now it works, it's looking for those files now
     
  9. Hujo

    Hujo Guest

    Right, it's updating the signatures.
     
    Last edited by a moderator: 04.03.2007
  10. Artsi112

    Artsi112 Guest

    File C:\Documents and Settings\Arto Heino(Pomo)\Local Settings\Application Data\veobgyc.dll infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Arto Heino(Pomo)\Local Settings\Temp\mst3C.tmp infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Arto Heino(Pomo)\Local Settings\Temp\mst50.tmp infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Arto Heino(Pomo)\Local Settings\Temp\mst55.tmp infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Arto Heino(Pomo)\Local Settings\Temp\mst5A.tmp infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Arto Heino(Pomo)\Local Settings\Temp\win44.tmp.exe infected by "Trojan-Downloader.Win32.Agent.bgn" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Arto Heino(Pomo)\Local Settings\Temp\win48.tmp.exe infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Arto Heino(Pomo)\Local Settings\Temp\zgo.exe infected by "P2P-Worm.Win32.Agent.v" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Arto Heino(Pomo)\Local Settings\Temp\__delete_on_reboot__t_d_._e_x_e_ infected by "P2P-Worm.Win32.Agent.v" Virus. Action Taken: File Deleted.
    File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP238\A0087078.exe tagged as not-a-virus:Monitor.Win32.007SpySoft.308. No Action Taken.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP238\A0087146.exe infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP238\A0087149.exe infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP238\A0087150.exe infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP238\A0087151.exe infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP242\A0090420.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gf. No Action Taken.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP242\A0090421.exe tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP242\A0090422.dll infected by "Trojan-Spy.Win32.VBStat.h" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP245\A0092462.dll infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP249\A0092489.dll infected by "Trojan.Win32.Agent.qt" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP249\A0092505.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ha. No Action Taken.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP250\A0094528.exe infected by "P2P-Worm.Win32.Agent.v" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP252\A0095289.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gf. No Action Taken.
    File C:\System Volume Information\_restore{8D79F1AD-F186-43F3-ADEE-2F2716F2D19F}\RP255\A0095644.dll infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.

    there, anything else?
     
  11. Hujo

    Hujo Guest

    Run this next

    Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of that text file in your thread.

    Note: the file process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "risk tool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad, so they may warn the user.
     
  12. Artsi112

    Artsi112 Guest

    then once it had searched ("took about 7 sec") nothing came up, the program just closed?
     
  13. Hujo

    Hujo Guest

    Extract the contents, it is a zip, extract it ....
    click the folder once > File > Extract all > Browse > Desktop, OK
     
  14. Artsi112

    Artsi112 Guest

    I mean I have already extracted it, but when I started the program where you had to press 1, it took 7 sec and then nothing
     
  15. Hujo

    Hujo Guest

    Did you click the one that says smitfraudfix and has a picture of a yellow cogwheel in a window?
     
  16. Artsi112

    Artsi112 Guest

    yup, yes
     
  17. Hujo

    Hujo Guest

    ----
     
    Last edited by a moderator: 04.03.2007
  18. Artsi112

    Artsi112 Guest

    I mean it does work and it searches, but once a couple of those "scanning" lines have come up it closes
     
  19. Artsi112

    Artsi112 Guest

    oh, this turned up on C:
    SmitFraudFix v2.147

    Scan done at 19:46:49,06, su 04.03.2007
    Run from C:\Documents and Settings\Arto Heino(Pomo)\Ty”p”yt„\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arto Heino(Pomo)

     
  20. Hujo

    Hujo Guest

    ----
     
    Last edited by a moderator: 04.03.2007
  21. Artsi112

    Artsi112 Guest

    I can't get to that y step: when I press the 2, i.e. clean, the desktop went blank and then only the wallpaper was showing?
     
