There hasn't been anything strange on the computer for a while, but now there is again; here's the log to start with:
Logfile of HijackThis v1.99.0
Scan saved at 16:13:36, on 8.3.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\windows\tkpqsdw.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT2\HijackThis2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ikivldy] c:\windows\ejjuqtf.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate07659749[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O21 - SSODL: eplrr - {DEF33230-8340-49C3-9975-32821ABBD89F} - C:\WINDOWS\System32\eplrr3.dll
O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
And again
Replies
- Juu
Scan these one at a time there and report the result
C:\windows\tkpqsdw.exe
winupdate07659749[1].exe
http://virusscan.jotti.org/
- Prio
Service load: 0% 100%
File: tkpqsdw.exe
Status: INFECTED/MALWARE
Packers detected: UPX
AntiVir TR/StartPage.QP (0.38 seconds taken)
Avast Win32:StartPage-073 (1.51 seconds taken)
AVG Antivirus No viruses found (0.55 seconds taken)
BitDefender No viruses found (0.72 seconds taken)
ClamAV Trojan.Startpage-141 (0.63 seconds taken)
Dr.Web No viruses found (0.90 seconds taken)
F-Prot Antivirus No viruses found (0.09 seconds taken)
Fortinet No viruses found (0.72 seconds taken)
Kaspersky Anti-Virus No viruses found (2.18 seconds taken)
mks_vir No viruses found (0.29 seconds taken)
NOD32 probably unknown NewHeur_PE (probable variant) (0.67 seconds taken)
Norman Virus Control No viruses found (0.41 seconds taken)
Statistics
Last piece of malware found was Trojan.Flooder.Mailspam.Vb.An in msnmessenger6flooder.exe, detected by:
Scanner Malware name Time taken
AntiVir X 0.38 seconds
Avast X 1.53 seconds
AVG Antivirus X 0.48 seconds
BitDefender X 0.51 seconds
ClamAV X 0.59 seconds
Dr.Web FDOS.Mailspam 0.89 seconds
F-Prot Antivirus X 0.09 seconds
Fortinet X 0.42 seconds
Kaspersky Anti-Virus Email-Flooder.Win32.VB.an 0.98 seconds
mks_vir Trojan.Flooder.Mailspam.Vb.An 0.22 seconds
NOD32 X 0.48 seconds
Norman Virus Control X 0.54 seconds
When I scan "winupdate07659749[1].exe", I get the text "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"
- Prio
This kind of text has appeared on the desktop, what is this supposed to be??
WARNING!
YOU'RE IN DANGER!
ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.
Every site you or somebody or even something, like spyware, opened in your browser, with all images, and all downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could broke your life!
SECURE YOURSELF RIGHT NOW!
REMOVE ALL SPYWARE FROM YOUR PC!
Removal instructions
- Juu
Instructions for making hidden files visible are here
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Check these, close the browser and other open windows, and press Fix checked
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [ikivldy] c:\windows\ejjuqtf.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate07659749[1].exe
O21 - SSODL: eplrr - {DEF33230-8340-49C3-9975-32821ABBD89F} - C:\WINDOWS\System32\eplrr3.dll
Then boot into safe mode, search for these and delete them if found
spoolsrv32.exe
ejjuqtf.exe
winupdate07659749[1].exe
eplrr3.dll
tkpqsdw.exe
Then boot normally and post a new log.
- Prio
These weren't found in HJT:
O4 - HKCU\..\Run: [ikivldy] c:\windows\ejjuqtf.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate07659749[1].exe
winupdate07659749[1].exe < couldn't delete
spoolsrv32.exe < when I restarted the computer it said something like no such file can be found???
Here's the new log:
Logfile of HijackThis v1.99.0
Scan saved at 20:53:15, on 8.3.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT2\HijackThis2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ljibajx] c:\windows\tcbjqke.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
- Juu
Prio wrote:
These weren't found in HJT:
O4 - HKCU\..\Run: [ikivldy] c:\windows\ejjuqtf.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate07659749[1].exe
winupdate07659749[1].exe < couldn't delete
spoolsrv32.exe < when I restarted the computer it said something like no such file can be found???
Here's the new log:

> winupdate07659749[1].exe < couldn't delete <
So it didn't come off in safe mode.
Where is it = path
- Prio
Juu wrote:
> winupdate07659749[1].exe < couldn't delete <
So it didn't come off in safe mode.
Where is it = path

It can't be found anywhere now. I guess it did delete it after all, though I think some warning text came up. It doesn't show up in the recycle bin though, and the others are there.

Prio wrote:
It can't be found anywhere now. I guess it did delete it after all, though I think some warning text came up. It doesn't show up in the recycle bin though, and the others are there.

Hi
Check once more that it really isn't found in this path
C:\Documents and Settings\Tomppa\Käynnistä-valikko\Ohjelmat\Käynnistys
or if the language is English, then this one
C:\Documents and Settings\Tomppa\Start Menu\Programs\Startup
While you're at it, check whether Add/Remove Programs lists the following... if so, remove them
Browser Helper
MDS Search Booster
Also remove that Security iGuard if you still have it.
There's still more in the log to remove, but Juu can continue from here... :)
- Juu
Prio wrote:
It can't be found anywhere now. I guess it did delete it after all, though I think some warning text came up. It doesn't show up in the recycle bin though, and the others are there.

Check once more whether this can be found
winupdate07659749[1].exe
Post a new Hijack log.
- Prio
Juu wrote:
Check once more whether this can be found
winupdate07659749[1].exe
Post a new Hijack log.

"winupdate07659749[1].exe" can't be found anywhere
And the ones that were supposed to be removed weren't found in the Add/Remove Programs menu either.
Logfile of HijackThis v1.99.0
Scan saved at 12:52:40, on 9.3.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\windows\aalasnl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT2\HijackThis2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [qhanoau] c:\windows\gonoyau.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
- Juu
Prio kirjoitti:
Ei löydy mistään "winupdate07659749[1].exe"
Eikä löytynyt sieltä lisää/poista sovellus - valikosta niitä mitä piti poistaa.
Logfile of HijackThis v1.99.0
Scan saved at 12:52:40, on 9.3.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\windows\aalasnl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT2\HijackThis2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [qhanoau] c:\windows\gonoyau.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Remove this from the computer:
Security iGuard
Instructions for making hidden files visible are here:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Start the computer in safe mode, scan with HijackThis, check these entries and press Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O4 - HKCU\..\Run: [qhanoau] c:\windows\gonoyau.exe
Then search for these and delete them if found:
gonoyau.exe
aalasnl.exe
Then start normally and post a new log. - Prio
The home page now stays correct, but that warning is still on the desktop.
Logfile of HijackThis v1.99.0
Scan saved at 13:53:30, on 9.3.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT2\HijackThis2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe - Juu
> but that warning is still on the desktop <
Is it like this one? If so, there seem to be some instructions there.
http://forum.gladiator-antivirus.com/index.php?showtopic=20868
This is still here, remove it:
C:\Program Files\Security iGuard\Security iGuard.exe
Try this too:
http://koti.mbnet.fi/pattaya1/escanmwav.htm - Prio
Yes, I managed to remove the warning by following those instructions.
C:\Program Files\Security iGuard\Security iGuard.exe < that can't be found anywhere
Here's the log:
File C:\WINDOWS\irggnjf.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\WINDOWS\rsdeotl.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\WINDOWS\tcbjqke.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\gtxjanlg.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Tomppa\Local Settings\Temp\tmp16.tmp infected by "Trojan-Downloader.Win32.Murlo.b" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Tomppa\Local Settings\Temp\tmp1D.tmp infected by "Trojan-Downloader.Win32.Murlo.b" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Tomppa\Local Settings\Temp\tmp24.tmp infected by "Trojan-Downloader.Win32.Murlo.b" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Tomppa\Local Settings\Temp\tmp27.tmp infected by "Trojan-Downloader.Win32.Murlo.b" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Tomppa\Local Settings\Temp\tmp2F.tmp infected by "Trojan-Proxy.Win32.Small.ah" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Tomppa\Local Settings\Temp\tmpC.tmp infected by "Trojan-Downloader.Win32.Murlo.b" Virus. Action Taken: File Deleted.
File C:\RECYCLER\S-1-5-21-3795071625-1623521795-489868830-1005\Dc16.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\RECYCLER\S-1-5-21-3795071625-1623521795-489868830-1005\Dc2.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\RECYCLER\S-1-5-21-3795071625-1623521795-489868830-1005\Dc4.dll infected by "Trojan-Proxy.Win32.Small.ah" Virus. Action Taken: File Deleted.
File C:\RECYCLER\S-1-5-21-3795071625-1623521795-489868830-1005\Dc5.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000002.exe tagged as not-a-virus:AdWare.WinAD.z. No Action Taken.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000003.exe tagged as not-a-virus:AdWare.WinAD.z. No Action Taken.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000004.exe tagged as not-a-virus:AdWare.WinAD.z. No Action Taken.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000011.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000030.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000046.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000059.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000072.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000085.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000094.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000095.exe tagged as not-a-virus:AdWare.FindSpy.a. No Action Taken.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000096.dll infected by "Trojan-Downloader.Win32.Murlo.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000097.exe tagged as not-a-virus:AdWare.Msnagent.a. No Action Taken.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000105.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000118.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000132.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000145.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000158.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000172.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000184.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000197.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000210.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000223.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000236.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000250.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000267.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000283.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000302.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000342.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000357.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000367.exe infected by "Trojan.Win32.SpoofDNS.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000373.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000386.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000392.exe infected by "Trojan-Dropper.Win32.Small.ue" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000398.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000410.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000425.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000439.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000461.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000475.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000488.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000501.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000515.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000530.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000543.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000556.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000569.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000582.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000595.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000606.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000611.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000631.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000644.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000657.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000669.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000670.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000671.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000672.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000673.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000674.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000675.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000676.dll infected by "Trojan-Proxy.Win32.Small.ah" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000677.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8LOLMUKY\UndergroundCorpSoftwareDownloads[1].exe tagged as not-a-virus:AdWare.WinAD.z. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CXOQL5M9\dl[1].htm tagged as not-a-virus:AdWare.WinAD.z. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZX1LG6IH\Xsteel_downloader[1].exe tagged as not-a-virus:AdWare.WinAD.z. No Action Taken. - Juu
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000250.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000267.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000283.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000302.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000342.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000357.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000367.exe infected by "Trojan.Win32.SpoofDNS.a" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP1\A0000373.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000386.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000392.exe infected by "Trojan-Dropper.Win32.Small.ue" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000398.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000410.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000425.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000439.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000461.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000475.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000488.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000501.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000515.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000530.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000543.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000556.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000569.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000582.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000595.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000606.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000611.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000631.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000644.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000657.dll infected by "HackTool.Win32.Hidd.g" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000669.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000670.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000671.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000672.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000673.dll infected by "Trojan-Downloader.Win32.Agent.kf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000674.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000675.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000676.dll infected by "Trojan-Proxy.Win32.Small.ah" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{6EA0F8BB-25C4-4932-B75D-370D4DA510A0}\RP2\A0000677.exe infected by "Trojan.Win32.StartPage.vs" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8LOLMUKY\UndergroundCorpSoftwareDownloads[1].exe tagged as not-a-virus:AdWare.WinAD.z. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CXOQL5M9\dl[1].htm tagged as not-a-virus:AdWare.WinAD.z. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZX1LG6IH\Xsteel_downloader[1].exe tagged as not-a-virus:AdWare.WinAD.z. No Action Taken.

Mark this line in the log and Fix it:
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
That's a lot of junk found again, don't you have a firewall?
Empty Temporary Internet Files and System Restore.

- Prio
Juu wrote:
Mark this line in the log and Fix it:
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
That's a lot of junk found again, don't you have a firewall?
Empty Temporary Internet Files and System Restore.

Yes, I do have that Norman firewall, and yes, it is in use.
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe < that line wasn't found in HjT now, though it was earlier. And I emptied the temp files, but what is this System Restore??

- Juu
Prio wrote:
Yes, I do have that Norman firewall, and yes, it is in use.
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe < that line wasn't found in HjT now, though it was earlier. And I emptied the temp files, but what is this System Restore??

Turn off System Restore, then restart the computer, turn it back on and create a new restore point.
System Restore = järjestelmänpalautustoiminto (the system restore feature)
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
> that line wasn't found in HjT now <
Good.

- Prio
Juu wrote:
Turn off System Restore, then restart the computer, turn it back on and create a new restore point.
System Restore = järjestelmänpalautustoiminto (the system restore feature)
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
> that line wasn't found in HjT now <
Good.

That same notification showed up on the desktop again, and when I remove it following the old instructions it comes back when the computer is restarted. I wonder if there's something wrong here:
Logfile of HijackThis v1.99.0
Scan saved at 11:52:37, on 13.3.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\windows\wibkukw.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT2\HijackThis2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [cpyirda] c:\windows\qkiaiyp.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate98525230[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Microsoft AntiSpyware helper - {8A67FDD8-F501-4471-9FEC-30FA52EE74C1} - C:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8A67FDD8-F501-4471-9FEC-30FA52EE74C1} - C:\WINDOWS\System32\wldr.dll
O9 - Extra button: Microsoft AntiSpyware helper - {8A67FDD8-F501-4471-9FEC-30FA52EE74C1} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8A67FDD8-F501-4471-9FEC-30FA52EE74C1} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BB429D1E-4E12-4C96-B924-5871FDF93C9A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BB429D1E-4E12-4C96-B924-5871FDF93C9A} - (no file) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

- Juu
Prio wrote:
That same notification showed up on the desktop again, and when I remove it following the old instructions it comes back when the computer is restarted. I wonder if there's something wrong here:

Oh, so it's back again.
Make hidden files visible; instructions are here:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Start the computer in safe mode, scan with HijackThis, mark these and Fix them:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [cpyirda] c:\windows\qkiaiyp.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate98525230[1].exe
Then delete these if found:
wibkukw.exe
spoolsrv32.exe
qkiaiyp.exe
winupdate98525230[1].exe

- Juu
Juu wrote:
Oh, so it's back again.
Make hidden files visible; instructions are here:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Start the computer in safe mode, scan with HijackThis, mark these and Fix them:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [cpyirda] c:\windows\qkiaiyp.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate98525230[1].exe
Then delete these if found:
wibkukw.exe
spoolsrv32.exe
qkiaiyp.exe
winupdate98525230[1].exe

Then start normally and post a new log.
- nuo
Prio wrote:
That same notification showed up on the desktop again, and when I remove it following the old instructions it comes back when the computer is restarted. I wonder if there's something wrong here:
O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Close the browser and other windows
End this process
C:\windows\wibkukw.exe
Fix these
C:\windows\wibkukw.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [cpyirda] c:\windows\qkiaiyp.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate98525230[1].exe
Turn System Restore off
Windows XP:
1. Select My Computer (right-click). ( Finnish UI: Oma tietokone )
2. Select Properties. ( Finnish UI: Ominaisuudet )
3. Select the System Restore tab. ( Finnish UI: Järjestelmän palautus )
4. Select "Turn off System Restore". ( Finnish UI: Poista Palautus toiminto )
5. Click Apply. ( Finnish UI: Käytä )
6. Click OK.
7. Restart the computer in Safe Mode
Show hidden files
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Find/delete these
C:\windows\wibkukw.exe < file
C:\WINDOWS\System32\spoolsrv32.exe < file
c:\windows\qkiaiyp.exe < file
winupdate98525230[1].exe < file - Prio
nuo wrote:
Close the browser and other windows
End this process
C:\windows\wibkukw.exe
Fix these
C:\windows\wibkukw.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [cpyirda] c:\windows\qkiaiyp.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate98525230[1].exe
Turn System Restore off
Windows XP:
1. Select My Computer (right-click). ( Finnish UI: Oma tietokone )
2. Select Properties. ( Finnish UI: Ominaisuudet )
3. Select the System Restore tab. ( Finnish UI: Järjestelmän palautus )
4. Select "Turn off System Restore". ( Finnish UI: Poista Palautus toiminto )
5. Click Apply. ( Finnish UI: Käytä )
6. Click OK.
7. Restart the computer in Safe Mode
Show hidden files
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Find/delete these
C:\windows\wibkukw.exe < file
C:\WINDOWS\System32\spoolsrv32.exe < file
c:\windows\qkiaiyp.exe < file
winupdate98525230[1].exe < file
End this process
C:\windows\wibkukw.exe < was not found among the processes
O4 - HKCU\..\Run: [cpyirda] c:\windows\qkiaiyp.exe < this one wasn't found either
I managed to delete everything that needed deleting, and here are the logs:
File C:\WINDOWS\System32\wregistry.exe infected by "Backdoor.Win32.Rbot.kd" Virus. Action Taken: File Renamed.
File C:\WINDOWS\Web\tip.htm tagged as not-a-virus:AdWare.FindSpy.d. No Action Taken.
Logfile of HijackThis v1.99.0
Scan saved at 19:34:30, on 13.3.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT2\HijackThis2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Tomppa\Omat tiedostot\Geims\Daemon tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by2fd.bay2.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103996560625
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Loogisen levyn hallinnan valvontapalvelu - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Verkon DDE - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Verkon DDE DSDM - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Älykortti-apuohjelma - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Älykortti - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Resurssilokit ja -hälytykset - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
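A way to check a follow-up scan against the list of entries flagged for fixing, added here as an example that is not part of the thread. `FLAGGED` is copied from the helper's reply and `RESCAN` is an excerpt of the log saved on 13.3.2005; the function names are hypothetical.

```python
import re

# Entries the helper's reply listed for fixing (copied from this thread).
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [cpyirda] c:\windows\qkiaiyp.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: winupdate98525230[1].exe
"""
# Excerpt (not the whole log) of the follow-up scan saved on 13.3.2005.
RESCAN = r"""
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "R1 - ...", "O4 - ...", "O23 - ..."

def parse_entries(text):
    """Map (section, normalised body) -> original line for each log entry."""
    entries = {}
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            # Registry names and Windows paths are case-insensitive, so
            # compare case-folded with runs of whitespace collapsed.
            body = " ".join(m.group(2).split()).casefold()
            entries[(m.group(1), body)] = raw.strip()
    return entries

def recheck(flagged, rescan):
    """Split flagged entries into (still present, gone) against a rescan."""
    before, after = parse_entries(flagged), parse_entries(rescan)
    present = [line for key, line in before.items() if key in after]
    gone = [line for key, line in before.items() if key not in after]
    return present, gone

if __name__ == "__main__":
    present, gone = recheck(FLAGGED, RESCAN)
    print("\n".join(["STILL PRESENT: " + e for e in present] + ["gone: " + e for e in gone]))
```

On these inputs the Search Page, Start Page, SearchAssistant and SearchURL entries are reported as still present, while the Search Bar entry and the four O4 startup entries are gone.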