W32/Nsag.B

Kimmo

Alhaalla oleva herjaus tekee tietokoneella työskentelyn hankalaksi jopa mahdottomaksi. Voisiko joku auttaa pääsemään eroon ongelmasta?

C:\WINDOWS\SYSTEM32\WININET.DLL

Contains signature of the Windows virus W32/Nsag.B

Tässä logi:

Logfile of HijackThis v1.99.1
Scan saved at 19:15:34, on 11.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\NetDrive\wdservice.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\NetDrive\netdrive.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVSched32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmi.fi/saa/paikalli.html?Keywords=&kunta=Helsinki¶m=T&neito=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=10
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=10
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [System Redirect] C:\WINDOWS\System32\sysbho.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.131/dl/adv68/x.chm::/load.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129457721233
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: sysmain.dll
O21 - SSODL: System - {1E6EBE57-1C08-4D3C-94D6-3E55539A58DC} - C:\WINDOWS\system32\system32.dll
O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe

10

2405

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000
    • Fixaaja

      Poista lisää/poista sovellus-kohdasta:

      P2P Networking
      InstaFinderK
      AltnetPointsManager

      Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=10
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=10
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=10
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=10
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=10
      O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
      O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
      O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
      O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
      O4 - HKLM\..\Run: [System Redirect] C:\WINDOWS\System32\sysbho.exe
      O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.131/dl/adv68/x.chm::/load.exe
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

      Hae smitrem täältä -> http://noahdfear.geekstogo.com/click counter/click.php?id=1

      Tallenna työpöydälle ja tuplaklikkaa sitä, jolloin se luo smitRem-kansion työpöydälle.

      Laita piilotiedostot näkyviin, ohje ->
      http://keskustelu.afterdawn.com/thread_view.cfm/248944

      .Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä).

      Poista nämä:

      C:\WINDOWS\System32\==>P2P NetworkingINSTAFINKpoints managersysbho.exe

      • Anonyymi

        ai kamalaa,,,


    • Fixaaja

      Fixaa tämä rivi:

      O20 - AppInit_DLLs: sysmain.dll

      Poista nämä vikasiedoss, jos löytyy(etsi Etsi-toiminnolla):

      main.exe
      sysinj.exe
      sysmain.dll
      v35bho.exe
      itshta.exe
      syshelp.exe

      • Kimmo

        smitRem © log file
        version 2.7

        by noahdfear


        Microsoft Windows XP [Version 5.1.2600]
        The current date is: pe 11.11.2005
        The current time is: 20:53:21,34

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        checking for ShudderLTD key

        ShudderLTD key not present!

        checking for PSGuard.com key


        PSGuard.com key not present!

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Existing Pre-run Files


        ~~~ Program Files ~~~

        PSGuard


        ~~~ Shortcuts ~~~

        Computer Security.url


        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~

        oleext.dll
        wppp.html
        hp***.tmp
        logfiles


        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~


        ~~~ Miscellaneous Files/folders ~~~




        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



        Remaining Post-run Files


        ~~~ Program Files ~~~



        ~~~ Shortcuts ~~~



        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~

        oleext.dll


        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~



        ~~~ Miscellaneous Files/folders ~~~




        ~~~ Wininet.dll ~~~

        CLEAN! :)


        Logfile of HijackThis v1.99.1
        Scan saved at 21:00:09, on 11.11.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\AVPersonal\AVGUARD.EXE
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        C:\WINDOWS\System32\CTsvcCDA.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\WINDOWS\System32\mgabg.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe
        C:\WINDOWS\System32\RunDll32.exe
        C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\ICQLite\ICQLite.exe
        C:\WINDOWS\System32\PDesk\PDesk.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\Program Files\NetDrive\netdrive.exe
        C:\Program Files\AVPersonal\AVGNT.EXE
        C:\Program Files\AVPersonal\AVSched32.EXE
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\NetDrive\wdservice.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmi.fi/saa/paikalli.html?Keywords=&kunta=Helsinki¶m=T&neito=1
        R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
        O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r
        O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
        O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
        O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
        O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
        O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
        O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
        O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
        O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
        O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
        O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
        O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
        O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O21 - SSODL: System - {1E6EBE57-1C08-4D3C-94D6-3E55539A58DC} - C:\WINDOWS\system32\system32.dll
        O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
        O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
        O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe


      • Fixaaja
        Kimmo kirjoitti:

        smitRem © log file
        version 2.7

        by noahdfear


        Microsoft Windows XP [Version 5.1.2600]
        The current date is: pe 11.11.2005
        The current time is: 20:53:21,34

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        checking for ShudderLTD key

        ShudderLTD key not present!

        checking for PSGuard.com key


        PSGuard.com key not present!

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Existing Pre-run Files


        ~~~ Program Files ~~~

        PSGuard


        ~~~ Shortcuts ~~~

        Computer Security.url


        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~

        oleext.dll
        wppp.html
        hp***.tmp
        logfiles


        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~


        ~~~ Miscellaneous Files/folders ~~~




        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



        Remaining Post-run Files


        ~~~ Program Files ~~~



        ~~~ Shortcuts ~~~



        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~

        oleext.dll


        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~



        ~~~ Miscellaneous Files/folders ~~~




        ~~~ Wininet.dll ~~~

        CLEAN! :)


        Logfile of HijackThis v1.99.1
        Scan saved at 21:00:09, on 11.11.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\AVPersonal\AVGUARD.EXE
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        C:\WINDOWS\System32\CTsvcCDA.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\WINDOWS\System32\mgabg.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe
        C:\WINDOWS\System32\RunDll32.exe
        C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\ICQLite\ICQLite.exe
        C:\WINDOWS\System32\PDesk\PDesk.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\Program Files\NetDrive\netdrive.exe
        C:\Program Files\AVPersonal\AVGNT.EXE
        C:\Program Files\AVPersonal\AVSched32.EXE
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\NetDrive\wdservice.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmi.fi/saa/paikalli.html?Keywords=&kunta=Helsinki¶m=T&neito=1
        R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
        O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r
        O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
        O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
        O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
        O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
        O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
        O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
        O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
        O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
        O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
        O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
        O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
        O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O21 - SSODL: System - {1E6EBE57-1C08-4D3C-94D6-3E55539A58DC} - C:\WINDOWS\system32\system32.dll
        O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
        O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
        O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe

        Fixaa tämä:

        O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)

        Ja poista RX Toolbar myös lisää/poista sovellus-kohdasta, jos löytyy.

        Aja uudestaan tuo smitrem kuten edellä, siellä on vielä tuo oleext.dll.


      • Kimmo
        Fixaaja kirjoitti:

        Fixaa tämä:

        O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)

        Ja poista RX Toolbar myös lisää/poista sovellus-kohdasta, jos löytyy.

        Aja uudestaan tuo smitrem kuten edellä, siellä on vielä tuo oleext.dll.

        smitRem © log file
        version 2.7

        by noahdfear


        Microsoft Windows XP [Version 5.1.2600]
        The current date is: pe 11.11.2005
        The current time is: 21:19:08,96

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        checking for ShudderLTD key

        ShudderLTD key not present!

        checking for PSGuard.com key


        PSGuard.com key not present!

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Existing Pre-run Files


        ~~~ Program Files ~~~



        ~~~ Shortcuts ~~~



        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~

        oleext.dll


        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~


        ~~~ Miscellaneous Files/folders ~~~




        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



        Remaining Post-run Files


        ~~~ Program Files ~~~



        ~~~ Shortcuts ~~~



        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~

        oleext.dll


        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~



        ~~~ Miscellaneous Files/folders ~~~




        ~~~ Wininet.dll ~~~

        CLEAN! :)


        Logfile of HijackThis v1.99.1
        Scan saved at 21:00:09, on 11.11.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\AVPersonal\AVGUARD.EXE
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        C:\WINDOWS\System32\CTsvcCDA.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\WINDOWS\System32\mgabg.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe
        C:\WINDOWS\System32\RunDll32.exe
        C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\ICQLite\ICQLite.exe
        C:\WINDOWS\System32\PDesk\PDesk.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\Program Files\NetDrive\netdrive.exe
        C:\Program Files\AVPersonal\AVGNT.EXE
        C:\Program Files\AVPersonal\AVSched32.EXE
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\NetDrive\wdservice.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmi.fi/saa/paikalli.html?Keywords=&kunta=Helsinki¶m=T&neito=1
        R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
        O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r
        O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
        O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
        O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
        O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
        O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
        O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
        O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
        O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
        O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
        O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
        O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
        O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O21 - SSODL: System - {1E6EBE57-1C08-4D3C-94D6-3E55539A58DC} - C:\WINDOWS\system32\system32.dll
        O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
        O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
        O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe

        se RX bar löyty lisää/poista sovellus-kohdasta mutta ei poistu vaikka painaa nappia remove

        ja edellee toi sama ilmoitus kiusaa: C:\WINDOWS\SYSTEM32\WININET.DLL

        Contains signature of the Windows virus W32/Nsag.B


      • koneesesi
        Kimmo kirjoitti:

        smitRem © log file
        version 2.7

        by noahdfear


        Microsoft Windows XP [Version 5.1.2600]
        The current date is: pe 11.11.2005
        The current time is: 21:19:08,96

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        checking for ShudderLTD key

        ShudderLTD key not present!

        checking for PSGuard.com key


        PSGuard.com key not present!

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Existing Pre-run Files


        ~~~ Program Files ~~~



        ~~~ Shortcuts ~~~



        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~

        oleext.dll


        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~


        ~~~ Miscellaneous Files/folders ~~~




        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



        Remaining Post-run Files


        ~~~ Program Files ~~~



        ~~~ Shortcuts ~~~



        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~

        oleext.dll


        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~



        ~~~ Miscellaneous Files/folders ~~~




        ~~~ Wininet.dll ~~~

        CLEAN! :)


        Logfile of HijackThis v1.99.1
        Scan saved at 21:00:09, on 11.11.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\AVPersonal\AVGUARD.EXE
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        C:\WINDOWS\System32\CTsvcCDA.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\WINDOWS\System32\mgabg.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe
        C:\WINDOWS\System32\RunDll32.exe
        C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\ICQLite\ICQLite.exe
        C:\WINDOWS\System32\PDesk\PDesk.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\Program Files\NetDrive\netdrive.exe
        C:\Program Files\AVPersonal\AVGNT.EXE
        C:\Program Files\AVPersonal\AVSched32.EXE
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\NetDrive\wdservice.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmi.fi/saa/paikalli.html?Keywords=&kunta=Helsinki¶m=T&neito=1
        R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
        O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r
        O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
        O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
        O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
        O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
        O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
        O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
        O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
        O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
        O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
        O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
        O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
        O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O21 - SSODL: System - {1E6EBE57-1C08-4D3C-94D6-3E55539A58DC} - C:\WINDOWS\system32\system32.dll
        O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
        O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
        O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe

        se RX bar löyty lisää/poista sovellus-kohdasta mutta ei poistu vaikka painaa nappia remove

        ja edellee toi sama ilmoitus kiusaa: C:\WINDOWS\SYSTEM32\WININET.DLL

        Contains signature of the Windows virus W32/Nsag.B

        ensin edes SP1 siihen kuuluvat tärkeät päivitykset.

        Koneeseesi tulee noi infektiot aina uudelleen ja uudelleen jos kone ei ole edes päivitetty tuolla SP1

        Kun kone on puhdas päivitä sitten vasta SP2 siihen kuuluvat päivitykset


      • Fixaaja
        Kimmo kirjoitti:

        smitRem © log file
        version 2.7

        by noahdfear


        Microsoft Windows XP [Version 5.1.2600]
        The current date is: pe 11.11.2005
        The current time is: 21:19:08,96

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        checking for ShudderLTD key

        ShudderLTD key not present!

        checking for PSGuard.com key


        PSGuard.com key not present!

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Existing Pre-run Files


        ~~~ Program Files ~~~



        ~~~ Shortcuts ~~~



        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~

        oleext.dll


        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~


        ~~~ Miscellaneous Files/folders ~~~




        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



        Remaining Post-run Files


        ~~~ Program Files ~~~



        ~~~ Shortcuts ~~~



        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~

        oleext.dll


        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~



        ~~~ Miscellaneous Files/folders ~~~




        ~~~ Wininet.dll ~~~

        CLEAN! :)


        Logfile of HijackThis v1.99.1
        Scan saved at 21:00:09, on 11.11.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\AVPersonal\AVGUARD.EXE
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        C:\WINDOWS\System32\CTsvcCDA.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\WINDOWS\System32\mgabg.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe
        C:\WINDOWS\System32\RunDll32.exe
        C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\ICQLite\ICQLite.exe
        C:\WINDOWS\System32\PDesk\PDesk.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\Program Files\NetDrive\netdrive.exe
        C:\Program Files\AVPersonal\AVGNT.EXE
        C:\Program Files\AVPersonal\AVSched32.EXE
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\NetDrive\wdservice.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmi.fi/saa/paikalli.html?Keywords=&kunta=Helsinki¶m=T&neito=1
        R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
        O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r
        O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
        O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
        O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
        O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
        O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
        O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
        O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
        O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
        O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
        O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
        O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
        O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O21 - SSODL: System - {1E6EBE57-1C08-4D3C-94D6-3E55539A58DC} - C:\WINDOWS\system32\system32.dll
        O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
        O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
        O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe

        se RX bar löyty lisää/poista sovellus-kohdasta mutta ei poistu vaikka painaa nappia remove

        ja edellee toi sama ilmoitus kiusaa: C:\WINDOWS\SYSTEM32\WININET.DLL

        Contains signature of the Windows virus W32/Nsag.B

        Hae KillBox

        http://www.bleepingcomputer.com/files/spyware/KillBox.zip

        Pura,avaa ja täppi kohtaan Delete on Reboot
        Sitte kopioi rivi tosta alapuolelta

        C:\WINDOWS\System32\oleext.dll

        Sitten KillBoxissa ylhäältä File > Paste from Clipboard
        Sen jälkeen paina Delete (punainen, jossa on valkonen X)
        Vastaa myöntävästi kysymyksiin ja jos kone ei itestään käynnisty uudestaan,niin käynnistä se. Käynnistä nimenomaan vikasietotilaan.

        Poista se RX Toolbarin hakemisto (C:\Program Files\RX Toolbar)

        Tee se smitrem-juttu vielä kerran. Ja lähetä taas C:\smitfiles.txt-tiedoston sisältö.


      • Fixaaja
        Kimmo kirjoitti:

        smitRem © log file
        version 2.7

        by noahdfear


        Microsoft Windows XP [Version 5.1.2600]
        The current date is: pe 11.11.2005
        The current time is: 21:19:08,96

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        checking for ShudderLTD key

        ShudderLTD key not present!

        checking for PSGuard.com key


        PSGuard.com key not present!

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Existing Pre-run Files


        ~~~ Program Files ~~~



        ~~~ Shortcuts ~~~



        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~

        oleext.dll


        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~


        ~~~ Miscellaneous Files/folders ~~~




        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



        Remaining Post-run Files


        ~~~ Program Files ~~~



        ~~~ Shortcuts ~~~



        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~

        oleext.dll


        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~



        ~~~ Miscellaneous Files/folders ~~~




        ~~~ Wininet.dll ~~~

        CLEAN! :)


        Logfile of HijackThis v1.99.1
        Scan saved at 21:00:09, on 11.11.2005
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\AVPersonal\AVGUARD.EXE
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        C:\WINDOWS\System32\CTsvcCDA.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\WINDOWS\System32\mgabg.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe
        C:\WINDOWS\System32\RunDll32.exe
        C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\ICQLite\ICQLite.exe
        C:\WINDOWS\System32\PDesk\PDesk.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
        C:\Program Files\NetDrive\netdrive.exe
        C:\Program Files\AVPersonal\AVGNT.EXE
        C:\Program Files\AVPersonal\AVSched32.EXE
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\NetDrive\wdservice.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmi.fi/saa/paikalli.html?Keywords=&kunta=Helsinki¶m=T&neito=1
        R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
        O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r
        O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
        O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
        O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
        O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\NetDrive\netdrive.exe /trayicon
        O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
        O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
        O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
        O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
        O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
        O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
        O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
        O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
        O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
        O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O21 - SSODL: System - {1E6EBE57-1C08-4D3C-94D6-3E55539A58DC} - C:\WINDOWS\system32\system32.dll
        O23 - Service: AntiVir Service (AntiVirService) - H BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
        O23 - Service: AntiVir Update (AVWUpSrv) - H BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
        O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe

        se RX bar löyty lisää/poista sovellus-kohdasta mutta ei poistu vaikka painaa nappia remove

        ja edellee toi sama ilmoitus kiusaa: C:\WINDOWS\SYSTEM32\WININET.DLL

        Contains signature of the Windows virus W32/Nsag.B

        Täältä saat "puhtaan" wininet.dll:n ->
        http://www.dll-files.com/dllindex/dll-files.shtml?wininet
        Pura se sen vanhan päälle, niin ei pitäisi enää tulla tuota ilmoitusta :)


    Ketjusta on poistettu 1 sääntöjenvastaista viestiä.

    Luetuimmat keskustelut

    1. Ensitreffit Jenni laukoo viinilasin ääressä suorat sanat Jyrkin aikeista: "Mä sanoin, että älä"

      Voi ei… Mitä luulet: kestääkö Jennin ja Jyrkin avioliitto vai päättyykö eroon? Lue lisää: https://www.suomi24.fi/viihde
      Ensitreffit alttarilla
      21
      2586
    2. 148
      2244
    3. Ymmärrän paremmin kuin koskaan

      Roikut kädessäni ja vedät puoleesi. Näen kuitenkin tämän kaiken lävitse ja kaikkien takia minun on tehtävä tämä. Päästän
      Tunteet
      29
      2222
    4. Hullu liikenteessä?

      Mikä hullu pyörii kylillä jos jahti päällä? Näitä tosin kyllä riittää tällä kylällä.
      Kiuruvesi
      52
      2129
    5. Niina Lahtinen uudessa elämäntilanteessa - Kotiolot ovat muuttuneet merkittävästi: "Nyt on...!"

      Niina, tanssejasi on riemukasta seurata, iso kiitos! Lue Niinan haastattelu: https://www.suomi24.fi/viihde/niina-lahti
      Suomalaiset julkkikset
      21
      1722
    6. Kun Venäjä on tasannut tilit Ukrainan kanssa, onko Suomi seuraava?

      Mitä mieltä olette, onko Suomi seuraava, jonka kanssa Venäjä tasaa tilit? Ja voisiko sitä mitenkään estää? Esimerkiks
      NATO
      387
      1613
    7. Ano Turtiainen saa syytteet kansankiihoituksesta

      Syytteitä on kolme ja niissä on kyse kirjoituksista, jotka hän on kansanedustaja-aikanaan julkaissut Twitter-tilillään
      Maailman menoa
      96
      1546
    8. Pyhäinpäivän aamua

      Oikein hyvää huomenta ja rauhallista päivää. ❄️😊🥱☕❤️
      Ikävä
      288
      1436
    9. Varokaa! Lunta voi sataa kohta!

      Vakava säävaroitus Lumisadevaroitus Satakunta, Uusimaa, Etelä-Karjala, Keski-Suomi, Etelä-Savo, Etelä-Pohjanmaa, Pohjanm
      Maailman menoa
      13
      1389
    10. Kunta ostaa kivitipun

      Kunnanjohtajan tuleva uusi ostokohde
      Lappajärvi
      132
      1379
    Aihe