The machine doesn't seem to be running at full speed, so could someone check the log?
Uninstall via Add/Remove Programs (Control Panel): Security iGuard

Make hidden files visible -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Get CWShredder from here -> http://www.intermute.com/spysubtract/cwshredder_download.html Update it, but do not use it yet.

Get AboutBuster -> http://koti.mbnet.fi/pattaya1/aboutbuster.htm , update it, but do not use it yet either.

Get Registrar Lite -> http://www.resplendence.com/reglite/ and install it to the directory C:\Program Files\RegLite\ .

Download and install Ewido -> http://www.ewido.net/en/download/ Update it, but do not use it yet.

Get HSfix -> http://users.telenet.be/marcvn/regfiles/HSfix.zip. Double-click HSfix.zip and it will extract itself to the desktop into the folder HSfix. Do not use it yet either.

Boot into Safe Mode (F8 during startup).

End these processes from the file manager:
C:\WINDOWS\iecg32.exe
C:\WINDOWS\atlkt32.exe

Delete the following files:
C:\WINDOWS\iecg32.exe
C:\WINDOWS\atlkt32.exe
C:\WINDOWS\winea32.dll
C:\WINDOWS\ntcw.dll
C:\WINDOWS\system32\apike.dll
C:\WINDOWS\javarp.exe
C:\WINDOWS\mfclk.exe
C:\WINDOWS\atlkt32.exe
sys.exe (possibly in the C:\windows directory)
and the directory C:\Program Files\==>Security iGuard<==

Then close all programs and start HijackThis.

Do a system scan only, check these and click Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wmena.dll/sp.html#63796
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wmena.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wmena.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wmena.dll/sp.html#63796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wmena.dll/sp.html#63796
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wmena.dll/sp.html#63796
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wmena.dll/sp.html#63796
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {51482193-6763-C430-0541-232D3E7FCBA8} - C:\WINDOWS\winea32.dll
O2 - BHO: Class - {6F8DB982-F820-7376-2AB9-CA0E147B64BE} - C:\WINDOWS\ntcw.dll
O2 - BHO: Class - {8C117440-A21E-FAE3-F059-300824283DEF} - C:\WINDOWS\system32\apike.dll (file missing)
O4 - HKLM\..\Run: [Sygate Personal Firewall] sys.exe
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\dnscleaner.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [javarp.exe] C:\WINDOWS\javarp.exe
O4 - HKLM\..\Run: [mfclk.exe] C:\WINDOWS\mfclk.exe
O4 - HKLM\..\Run: [atlkt32.exe] C:\WINDOWS\atlkt32.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] sys.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] sys.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/236775ffbf45f28d4014/netzip/RdxIE601.cab

Open Registrar Lite. Copy and paste the bolded text into Registrar Lite's address bar (makes a backup of the registry in case something goes wrong):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

Go to File > Export and save (to the C:\Program Files\Registrar Lite (Reglite) directory):
1.) Winkey.reg (save format: regedit4 .reg)
2.) Winkey.hiv (save format -regetd32/WinAPI *hiv *dat)

Go to the HSfix folder. Double-click HSfix.reg and press Yes.

CLOSE ALL WINDOWS except CWShredder. Run the program by pressing Fix and let it fix everything it finds.

Scan with AboutBuster twice and save the log.

Scan with ewido and let it remove what it finds. Save the log and post it here.

Boot the machine normally.

Post the HijackThis, AboutBuster and ewido logs.
I got those things done, but I couldn't find the sys.exe file. So how does it look now?

Logfile of HijackThis v1.99.1
Scan saved at 22:09:45, on 15.9.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
It's not fixed yet, but it is better.

EDIT: Let's try smitRem:

Get smitRem.exe from there -> http://noahdfear.geekstogo.com/click counter/click.php?id=1 and save it to the desktop. Double-click it, and it will extract itself into its own directory.

Boot into Safe Mode, open the smitRem folder and double-click RunThis.bat. Follow the instructions.

Restart the machine.

Fix these:
O4 - HKLM\..\Run: [Sygate Personal Firewall] sys.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe (if it is still there after smitRem)
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] sys.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] sys.exe

Boot into Safe Mode and try to find that sys.exe with the Search function, if you cannot find it otherwise. And delete the directory C:\Program Files\==>Security iGuard<==, if you have not done that already.

Restart and post a new HijackThis log.
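
After a cleanup pass, the follow-up log has to be compared against the fix list to see which entries survived, which is what the last reply does by hand. The following is an added example, not part of the thread and not HijackThis code: it matches entries by identity (registry value, CLSID, or Run value name) rather than by whole line, and its function names and sample lines are constructed for illustration from entries in this thread.

```python
import re

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\]")
REGVAL = re.compile(r"^(?P<path>HK[^=]+?)\s*=")

# Constructed sample: a subset of the fix list from the first reply.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wmena.dll/sp.html#63796
O2 - BHO: Class - {51482193-6763-C430-0541-232D3E7FCBA8} - C:\WINDOWS\winea32.dll
O4 - HKLM\..\Run: [Sygate Personal Firewall] sys.exe
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\dnscleaner.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [atlkt32.exe] C:\WINDOWS\atlkt32.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] sys.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] sys.exe
"""

# Constructed sample: a subset of a follow-up scan taken after the cleanup.
FOLLOW_UP = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ohjelmat\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sygate Personal Firewall] sys.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] sys.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] sys.exe
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
"""


def identity(line):
    """Return a key naming what an entry refers to, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header lines, process paths, separators
    code, body = m["code"], m["body"]
    if code.startswith("R"):
        # R0/R1 differ only in how HijackThis rates the value; key on the value path.
        r = REGVAL.match(body)
        return ("R", r["path"].lower()) if r else ("R", body.lower())
    if code in ("O2", "O3", "O9", "O16"):
        # COM-registered items are identified by CLSID, not by file path.
        c = CLSID.search(body)
        return (code, c.group(0).upper()) if c else (code, body.lower())
    if code == "O4":
        # Autorun values are identified by hive, key and value name.
        r = RUN.match(body)
        if r:
            return (code, r["hive"], r["key"].lower(), r["name"].lower())
    return (code, body.lower())


def still_present(fix_list, new_log):
    """List (fix-list line, follow-up line, data unchanged?) for surviving entries."""
    after = {}
    for line in new_log.splitlines():
        key = identity(line)
        if key:
            after[key] = line.strip()
    survivors = []
    for line in fix_list.splitlines():
        key = identity(line)
        if key and key in after:
            survivors.append((line.strip(), after[key], after[key] == line.strip()))
    return survivors


if __name__ == "__main__":
    for wanted, found, same in still_present(FIX_LIST, FOLLOW_UP):
        print("STILL PRESENT" if same else "PRESENT, DATA CHANGED", "|", found)
```
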