F-Secure reports that Yahoo Toolbar causes a conflict, and because of that it does not update. Could this Yahoo! Toolbar be removed for good? Add/Remove Programs shows that the program exists, but it cannot be removed from there. Are there perhaps other bugs as well? I would be grateful for help. Regards, Candy32

Logfile of HijackThis v1.99.1
Scan saved at 12:34:29, on 9.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
e:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
e:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
e:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
e:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
e:\Program Files\F-Secure\Common\FSMA32.EXE
e:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
e:\Program Files\F-Secure\Common\FSMB32.EXE
e:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
e:\Program Files\F-Secure\Common\FCH32.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
e:\Program Files\F-Secure\Common\FNRB32.EXE
e:\Program Files\F-Secure\Common\FIH32.EXE
e:\Program Files\F-Secure\Anti-Virus\fsav32.exe
e:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
E:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\DeltTray.exe
E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\mapiicon.exe
E:\Program Files\Mozilla\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://laajakaista.elisa.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [F-Secure Manager] "e:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "e:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] e:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "e:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "e:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [kernctl32] rundll32 kctl32.dll,initialize
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096031792436
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - e:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - e:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - e:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - e:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - e:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - e:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - e:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Yes, there are some nasties in there.

Remove from the Control Panel (Add/Remove Programs):
Windows ControlAd

Fix with HjT (do a system scan only, check the entries and press fix checked):
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\RunServices: [kernctl32] rundll32 kctl32.dll,initialize

Download and update ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

Boot into Safe Mode (F8 during startup)

Delete, if found:
C:\Program Files\Windows ControlAd
kctl32.dll (search with the Search function, include hidden files too)
C:\Program Files\Yahoo!

Scan with ewido, let it remove whatever it finds, and save the report.

EDIT: A little more:

Updating Java and clearing the cache
1. Click Start > Control Panel and double-click the Java icon (coffee cup) in the Control Panel.
2. Go to the "Update" tab in your Java settings window. Update your Java by clicking "Update Now" and then restart.
3. If you cannot update automatically, download it manually from here: http://www.java.com/en/download/manual.jsp
4. After the restart, go back to the Control Panel and from there to your Java settings.
5. Under the Temporary Internet Files section, click the Delete Files button.
6. Make sure all three options are checked:
Downloaded Applets
Downloaded Applications
Other Files
7. Click OK in your "Delete Temporary Internet Files" window. Note: This deletes all downloaded applications and applets from the CACHE.
8. Click OK to leave your Java settings window.

Restart, then post a new HjT log and the ewido report.
I followed the instructions, but Yahoo! Toolbar still shows up in the Control Panel (Add/Remove Programs). When I try to remove it, it reports --> error while loading... The specified part cannot be found. Ewido crashes and reboots XP as soon as I start scanning with it. Windows complains that it is making changes to the registry and therefore shuts down the operating system? The Java update succeeded. What should I try next? Regards, Candy32

Logfile of HijackThis v1.99.1
Scan saved at 14:47:03, on 9.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
e:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
e:\Program Files\ewido anti-malware\ewidoctrl.exe
e:\Program Files\ewido anti-malware\ewidoguard.exe
e:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
e:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
e:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
e:\Program Files\F-Secure\Common\FSMA32.EXE
e:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
e:\Program Files\F-Secure\Common\FSMB32.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\F-Secure\Common\FCH32.EXE
e:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
e:\Program Files\F-Secure\Common\FNRB32.EXE
C:\WINDOWS\Explorer.EXE
e:\Program Files\F-Secure\Anti-Virus\fsav32.exe
e:\Program Files\F-Secure\Common\FIH32.EXE
e:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
e:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
E:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\DeltTray.exe
E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dumprep.exe
E:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Sami\Työpöytä\HijackThis.exe
C:\WINDOWS\system32\devldr32.exe
E:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\mapiicon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://laajakaista.elisa.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [F-Secure Manager] "e:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "e:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] e:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "e:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "e:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096031792436
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - e:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - e:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - e:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - e:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - e:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - e:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - e:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - e:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - e:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Clean the registry with, for example, CCleaner, so we can see whether that Yahoo! Toolbar is still on the machine or whether only an entry remains because it was removed "incorrectly" -> http://www.ccleaner.com

Let's try eScan instead of ewido: Download eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm . Install, update, and scan according to the instructions on the page. Then post the "nasty results" here (instructions are on that page: the bottom image and the text above it).
All right, after CCleaner and eScan, the latter program found the following suspicious items:

File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsAdToolsSolutions.zip infected by "Password-protected-EXE" Virus. Action Taken: File Renamed.
File C:\Program Files\Common Files\ocuabnfm\maaecrto\turfurnp.exe tagged as not-a-virus:AdWare.Win32.Gator.a. No Action Taken.
File C:\Program Files\Common Files\ocuabnfm\obfeelbsab\eorduqpru.exe tagged as not-a-virus:AdWare.Win32.Gator.a. No Action Taken.
File C:\Program Files\PerfectNav\BHO\PerfectNav150c.dll tagged as not-a-virus:AdWare.Win32.Perfnav.a. No Action Taken.
File C:\Program Files\SearchRelevant\SearchRelevant.dll tagged as not-a-virus:AdWare.Win32.Relevance.c. No Action Taken.
File C:\Program Files\Windows AdService\WinAdMaster.dll tagged as not-a-virus:AdWare.Win32.WinAD.d. No Action Taken.
File C:\System Volume Information\_restore{CDEC6A72-1EF8-48AF-929F-6D6D8D56555B}\RP479\A0246836.exe tagged as not-a-virus:AdWare.Win32.WinAD.f. No Action Taken.
File C:\System Volume Information\_restore{CDEC6A72-1EF8-48AF-929F-6D6D8D56555B}\RP479\A0246837.dll tagged as not-a-virus:AdWare.Win32.WinAD.f. No Action Taken.
File C:\System Volume Information\_restore{CDEC6A72-1EF8-48AF-929F-6D6D8D56555B}\RP481\A0256136.dll tagged as not-a-virus:AdWare.Win32.Perfnav.a. No Action Taken.
File C:\System Volume Information\_restore{CDEC6A72-1EF8-48AF-929F-6D6D8D56555B}\RP481\A0256137.dll tagged as not-a-virus:AdWare.Win32.WinAD.d. No Action Taken.
File E:\Program Files\Altnet\Download Manager\asm.exe tagged as not-a-virus:AdWare.Win32.Altnet.l. No Action Taken.
File E:\Program Files\Altnet\Download Manager\asmps.dll tagged as not-a-virus:AdWare.Win32.Altnet.b. No Action Taken.
File E:\Program Files\Kazaa\TopSearch.dll tagged as not-a-virus:AdWare.Win32.Altnet.e. No Action Taken.
File E:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File E:\System Volume Information\_restore{CDEC6A72-1EF8-48AF-929F-6D6D8D56555B}\RP481\A0256138.exe tagged as not-a-virus:AdWare.Win32.Altnet.l. No Action Taken.

How should I react to these findings / remove them? XP does not let me access these files. Thanks in advance. Regards, Candy32
Remove from the Control Panel (Add/Remove Programs, if present):
PerfectNav
Search Relevancy/SearchRelevant
Windows AdService
Altnet (Kazaa) (this one is your own choice, whether you do it or not)

Delete these:
C:\Program Files\Common Files\ocuabnfm
C:\Program Files\PerfectNav
C:\Program Files\SearchRelevant
C:\Program Files\Windows AdService
E:\Program Files\Altnet
(E:\Program Files\Kazaa)

Clear System Restore as follows. Note that ALL earlier restore points will be lost!
1. Select My Computer (right-click).
2. Select Properties.
3. Select the System Restore tab.
4. Select "Turn off System Restore".
5. Press Apply.
6. Press OK.
7. Restart the computer.
8. Do steps 1-3.
9. Uncheck "Turn off System Restore".
10. Do steps 5 and 6.