Removing Poller.exe / help!

Pietro

It came from somewhere and is now firmly stuck in the machine. F-Secure complains, and nothing seems able to remove it. Could some kind expert help me with how to get it removed? Thanks a lot!

----------
Logfile of HijackThis v1.99.1
Scan saved at 11:29:38, on 2.8.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luukku.com/luukku
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {557B24FE-EC36-4055-E50D-992D8DEFF9A7} - C:\WINDOWS\system32\ipsq32.dll (file missing)
O2 - BHO: (no name) - {C5A0213F-9307-ECF1-A431-1EE7CE97B4D6} - C:\WINDOWS\msbj32.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [omizcg] c:\windows\system32\rvpizy.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "F:\Ohjelmat\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: RealAudio.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20a4e60630d83dd90d05/netzip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - F-Secure Corporation - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

    Replies

    • Juu

      Yeah, well, you have at least 2 different infections; let's first try to remove that Nail and its companions.

      Get Ewido from here:

      http://www.ewido.net/en/download/

      Install it and then update it.

      Get Nailfix from here:

      http://www.noidea.us/easyfile/file.php?download=20050515010747824

      Extract it to the desktop, but don't run it yet.

      Start the computer in safe mode.

      Then double-click nailfix.cmd, and a window should flash open and closed.
      After that, run Ewido, remove what it finds, and save the log.

      Then scan with HijackThis, and check and Fix these lines if they appear:

      R3 - Default URLSearchHook is missing
      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      O2 - BHO: (no name) - {557B24FE-EC36-4055-E50D-992D8DEFF9A7} - C:\WINDOWS\system32\ipsq32.dll (file missing)
      O2 - BHO: (no name) - {C5A0213F-9307-ECF1-A431-1EE7CE97B4D6} - C:\WINDOWS\msbj32.dll (file missing)
      O15 - Trusted Zone: *.awmdabest.com
      O15 - Trusted Zone: *.frame.crazywinnings.com
      O15 - Trusted Zone: *.awmdabest.com (HKLM)
      O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
      O15 - Trusted IP range: 206.161.125.149
      O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
      O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
      O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20a4e60630d83dd90d05/netzip/RdxIE601.cab


      Then restart normally and post a new HijackThis log and the Ewido log.

      • Pietro

        Great, thanks a lot. Here are the new logs. Some program.exe is trying to start. The former Buddy.exe seems to have disappeared.
        ----------------------------
        Logfile of HijackThis v1.99.1
        Scan saved at 13:58:08, on 2.8.2005
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\F-Secure\Common\FSM32.EXE
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
        C:\Program Files\ewido\security suite\ewidoctrl.exe
        C:\Program Files\ewido\security suite\ewidoguard.exe
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\HJT\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luukku.com/luukku
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [omizcg] c:\windows\system32\rvpizy.exe r
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Skype] "F:\Ohjelmat\Phone\Skype.exe" /nosplash /minimized
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        O4 - Global Startup: RealAudio.exe
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O15 - Trusted Zone: *.frame.crazywinnings.com
        O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
        O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
        O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
        O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
        O23 - Service: F-Secure BackWeb LAN Access - F-Secure Corporation - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwlan.exe
        O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
        O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
        O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
        --------------------------------------
        ---------------------------------------------------------
        ewido security suite - Scan report
        ---------------------------------------------------------

        Created on:         13:42:07, 2.8.2005
        Report-Checksum:      7A8124D

        Scan result:

           HKLM\SOFTWARE\Classes\CLSID\{5932F9CB-E60E-11C7-5BA5-2CD8198CBDB4} -> Spyware.CoolWebSearch : Cleaned with backup
           HKLM\SOFTWARE\Classes\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
           HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
           C:\WINDOWS\Downloaded Program Files\gsda.dll -> Dialer.Generic : Cleaned with backup
           C:\WINDOWS\zzywmr.exe -> Adware.BetterInternet : Cleaned with backup
           C:\WINDOWS\rtqjdhadie.exe -> Adware.BetterInternet : Cleaned with backup
           C:\Documents and Settings\qwerty\Local Settings\Temp\6.tmp.exe -> Spyware.WinShow : Cleaned with backup
           C:\Documents and Settings\qwerty\Local Settings\Temp\E.tmp\thnall1a.exe -> Adware.BetterInternet : Cleaned with backup
           C:\Documents and Settings\qwerty\Local Settings\Temp\1F.tmp\thnall1ac.exe -> Adware.BetterInternet : Cleaned with backup
           C:\Documents and Settings\qwerty\Local Settings\Temp\B.tmp\thnall1a.exe -> Adware.BetterInternet : Cleaned with backup
           C:\Documents and Settings\qwerty\Local Settings\Temp\9.tmp\thnall1a.exe -> Adware.BetterInternet : Cleaned with backup
           C:\Documents and Settings\qwerty\Local Settings\Temp\14.tmp\thnall1a.exe -> Adware.BetterInternet : Cleaned with backup
           C:\Documents and Settings\qwerty\Cookies\[email protected][1].txt -> Spyware.Cookie.Oewabox : Cleaned with backup
           C:\Documents and Settings\qwerty\Cookies\qwerty@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
           C:\Documents and Settings\qwerty\Cookies\qwerty@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP81\A0023345.dll -> Spyware.Banex : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP81\A0024399.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP81\A0024400.EXE -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP81\A0024401.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP81\A0025400.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP81\A0025418.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP84\A0025488.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP84\A0026469.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP84\A0026483.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP84\A0026495.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP85\A0026497.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP85\A0026502.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP85\A0026601.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP86\A0026633.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP86\A0026638.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP87\A0026639.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP87\A0026647.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP87\A0026652.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP88\A0026653.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP88\A0026661.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP88\A0026666.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP88\A0026667.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP89\A0026676.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP89\A0026695.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP90\A0026710.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP90\A0026723.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP90\A0026746.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP91\A0026780.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP91\A0026791.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP91\A0026795.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP91\A0026796.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP91\A0026819.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP91\A0026821.dll -> Adware.BetterInternet : Cleaned with backup


        ::Report End


      • Juu
        Pietro wrote:

        Great, thanks a lot. Here are the new logs. Some program.exe is trying to start. The former Buddy.exe seems to have disappeared.
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP89\A0026676.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP89\A0026695.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP90\A0026710.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP90\A0026723.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP90\A0026746.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP91\A0026780.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP91\A0026791.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP91\A0026795.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP91\A0026796.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP91\A0026819.exe -> Adware.BetterInternet : Cleaned with backup
           C:\System Volume Information\_restore{2DBEAAAB-05F1-4490-993B-9C7C50E46410}\RP91\A0026821.dll -> Adware.BetterInternet : Cleaned with backup


        ::Report End

        Take this and save it to the desktop

        http://www.mvps.org/winhelp2002/DelDomains.inf

        Then right-click it and choose Asenna or Install from the menu.
        It removes those O15 lines.

        Get AboutBuster from here

        http://www.malwarebytes.biz/AboutBuster5.zip

        Extract it into its own folder on the desktop, then open it, check whether there are updates for it, and then close it.

        Instructions for making hidden files visible are here

        http://www.xtra.co.nz/help/0,,4155-1916458,00.html

        Check these, close the browser and other open windows, and press Fix checked

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
        O4 - HKLM\..\Run: [omizcg] c:\windows\system32\rvpizy.exe r


        Then boot into safe mode and delete these if found

        C:\WINDOWS\system32\tscsf.dll
        c:\windows\system32\rvpizy.exe r

        Still in safe mode, open AboutBuster and clean with it 2 times.
        Then boot normally and make a new Hijack log.


      • Pietro
        Juu wrote:

        Take this and save it to the desktop

        http://www.mvps.org/winhelp2002/DelDomains.inf

        Then right-click it and choose Asenna or Install from the menu.
        It removes those O15 lines.

        Get AboutBuster from here

        http://www.malwarebytes.biz/AboutBuster5.zip

        Extract it into its own folder on the desktop, then open it, check whether there are updates for it, and then close it.

        Instructions for making hidden files visible are here

        http://www.xtra.co.nz/help/0,,4155-1916458,00.html

        Check these, close the browser and other open windows, and press Fix checked

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
        O4 - HKLM\..\Run: [omizcg] c:\windows\system32\rvpizy.exe r


        Then boot into safe mode and delete these if found

        C:\WINDOWS\system32\tscsf.dll
        c:\windows\system32\rvpizy.exe r

        Still in safe mode, open AboutBuster and clean with it 2 times.
        Then boot normally and make a new Hijack log.

        I cleaned up following your instructions, and here is the new log. Some program.exe still tried to start when I ran HJT; I wonder whether it is related to those removal programs or whether there is still something else on the machine.

        ------------------------------
        Logfile of HijackThis v1.99.1
        Scan saved at 17:16:29, on 2.8.2005
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\F-Secure\Common\FSM32.EXE
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\ewido\security suite\ewidoctrl.exe
        C:\Program Files\ewido\security suite\ewidoguard.exe
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\HJT\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luukku.com/luukku
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Skype] "F:\Ohjelmat\Phone\Skype.exe" /nosplash /minimized
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        O4 - Global Startup: RealAudio.exe
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
        O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
        O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
        O23 - Service: F-Secure BackWeb LAN Access - F-Secure Corporation - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwlan.exe
        O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
        O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
        O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
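
A way to check the follow-up log against the entries Juu asked to fix, as an added example that is not part of the original posts: it parses HijackThis entry lines, confirms the fixed entries are gone, and also searches the new log for the two file names in case another line still references them. The function names are hypothetical, and both inputs are shortened excerpts constructed from the logs in this thread.

```python
import re

# Constructed input: the entries Juu asked to fix, copied from the thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tscsf.dll/sp.html#10001
O4 - HKLM\..\Run: [omizcg] c:\windows\system32\rvpizy.exe r
"""

# Constructed input: a shortened excerpt of the follow-up log posted above.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 17:16:29, on 2.8.2005

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luukku.com/luukku
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RealAudio.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# HijackThis entry lines start with a section code such as R0, R1, O4, O23.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# File names (last path component) ending in .exe or .dll.
FILE_RE = re.compile(r'[^\\/\s"]+\.(?:exe|dll)\b', re.IGNORECASE)


def parse_entries(log_text):
    """Return (section_code, normalized_body, original_line) per entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            body = " ".join(m.group(2).split()).casefold()
            entries.append((m.group(1), body, line.strip()))
    return entries


def verify_fix(fix_list, after_log):
    """Check that the fixed entries and the files they point at are gone."""
    after_keys = {(code, body) for code, body, _ in parse_entries(after_log)}
    still_present = [line for code, body, line in parse_entries(fix_list)
                     if (code, body) in after_keys]
    # An autostart re-registered under a new value name would not match the
    # old entry exactly, so also look for the file names on every line of
    # the new log, including the "Running processes" section.
    targets = {name.casefold() for name in FILE_RE.findall(fix_list)}
    referenced = [(name, line.strip())
                  for line in after_log.splitlines()
                  for name in sorted(targets)
                  if name in line.casefold()]
    return {"entries_still_present": still_present,
            "files_still_referenced": referenced}


def autostart_entries(after_log):
    """O4 (startup) entries left in the new log, for manual review."""
    return [line for code, _, line in parse_entries(after_log) if code == "O4"]


if __name__ == "__main__":
    print(verify_fix(FIX_LIST, AFTER_LOG))
```
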


      • Juu
        Pietro wrote:

        I cleaned up following your instructions, and here is the new log. Some program.exe still tried to start when I ran HJT; I wonder whether it is related to those removal programs or whether there is still something else on the machine.


        Check and fix this

        O4 - Global Startup: RealAudio.exe

        Then delete that RealAudio.exe in safe mode if it is found.
        Nothing else shows up anymore; you can remove Ewido if you want.


      • Pietro
        Juu wrote:

        Check and fix this

        O4 - Global Startup: RealAudio.exe

        Then delete that RealAudio.exe in safe mode if it is found.
        Nothing else shows up anymore; you can remove Ewido if you want.

        Thank you so much for your help! Klutz that I am, I didn't even know before how to boot into safe mode... now I know a lot more. And from now on I'll only visit spiritual and otherwise highly moral sites ;)

