Oiskos tässä fixattavaa (paljoakin), päätinpä tämän ajaa ja tutustua ohjelmaan? Logfile of HijackThis v1.99.1 Scan saved at 21:32:27, on 2.10.2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\Common\FSMB32.EXE D:\Seti@home\MSNTD.sys D:\Seti@home\MultiSeti.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\regsvc.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\WINDOWS\system32\MSTask.exe C:\WINDOWS\System32\WBEM\WinMgmt.exe C:\WINDOWS\system32\svchost.exe D:\Seti@home\setiathome.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Anti-Virus\fsrw.exe C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Invention Pilot\Tray Pilot\TrayPlt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ICQLite\ICQLite.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\OpenOffice.org 1.9.122\program\soffice.exe C:\Program Files\OpenOffice.org 1.9.122\program\soffice.BIN C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\ABC\abc.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.fi R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\1.tmp O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\RunOnce: [Tray Pilot] "C:\Program Files\Invention Pilot\Tray Pilot\Starter.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Startup: OpenOffice.org 1.9.122.lnk = C:\Program Files\OpenOffice.org 1.9.122\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll O14 - IERESET.INF: START_PAGE_URL=http://www.msn.fi O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.fi O17 - HKLM\System\CCS\Services\Tcpip\..\{2264390C-76D2-4EFF-B54E-899F8AD73A18}: NameServer = 193.167.100.37,193.65.248.173 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: MultiSeti - Unknown owner - D:\Seti@home\MSNTD.sys" "D:\Seti@home\MultiSeti.exe" -s -dir "D:\Seti@home (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\system32\ssl.exe (file missing)
Hyvä ku otit sen login pois sieltä toisesta ketjusta. Merkkaa ja Fix:saa O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\1.tmp O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\system32\ssl.exe (file missing) Käynnistä sitte vikasietotilassa ja piilotiedostot näkyvillä poista jos löytyy C:\WINDOWS\system32\1.tmp C:\WINDOWS\system32\ssl.exe Kirjota sitte Suorita kohtaan services.msc ja Ok Jos tuota kautta ei pääse Win 2000 niin ohjauspaneelin kautta vissiin pääsee serviciin. Eti sieltä tuo service Microsoft SSL (ssl) tuplaklikkaa sitä ja pysäytä se ja pistä käynnistysmuotoon ei käytössä käytä ja ok. Jos AntiVir on poistettu koneelta niin tee samoin noille AntiVir Service (AntiVirService) AntiVir Update (AVWUpSrv)
antivir ei ole poistettu se toimii kakkos tutkana... tuosta ssl hommasta, saisko perustelua miksi poistaa ? yleensä oppii vaan jos tietää miksi tehdä Kumpaakaan tiedostoa ei löytynyt, ja tuossahan oli maininta file missing joten sehän luultavasti sen selittää
http://castlecops.com/O23.html Microsoft SSL (ssl) X ssl.exe Added by the W32.Esbot.C WORM! Note: This Worm\Trojan file is found in the System32 folder and has nothing to do with the (Secure Socket Layer) http://securityresponse.symantec.com/avcenter/venc/data/w32.esbot.c.html
