Eli netti sivujen aukeamisessa menee toisinaan minuutteja ja kaikilla mahdollisilla ewidoilla sun muilla on käyty läpi.Mut winukan uudelleen asennuksella korjaantuu,mut kokeillaan tämä viimeisenä oljenkortena. Logfile of HijackThis v1.99.1 Scan saved at 0:36:01, on 15.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE D:\LATE_1\paketit\virtus+softa\dc++-torrent\New Folder\utorrent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\msnmsgr.exe D:\LATE_1\stuff\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonelabs.com/downloadrequest?updtConfId=45&updtReqId=1512082627 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [µTorrent] "D:\LATE_1\paketit\virtus+softa\dc++-torrent\New Folder\utorrent.exe" O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4576/mcfscan.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Ei kyl mitään kovin pahaa löytynyt. Fixaa (do a system scan only ja laita rasti seuraavaan ja fix): O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
Hae täältä eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm päivitä, skannaa ja lähetä sen logi tänne.
Eli tätä varmaan tarkoitit File C:\Documents and Settings\late\Favorites\porkka\w.Bluemovie.cz - 7000 Movie Wallpapers - Most Popular - Nejprohlíženejsí.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed. File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken. File C:\WINDOWS\system32\svch\svchost.exe infected by "Trojan.Win32.VB.aek" Virus. Action Taken: File Deleted. File D:\LATE_1\ohjelmia\ChrisTv.Professional.v4.70.+.Crack\ChrisTv 4.70 Pro Setup.exe infected by "Trojan.Win32.VB.aek" Virus. Action Taken: File Deleted. File D:\System Volume Information\_restore{FC41642E-A81B-4481-83C8-B7FBC5909D8C}\RP104\A0037398.exe infected by "Trojan.Win32.VB.aek" Virus. Action Taken: File Deleted.
Poista myös seuraavat kansio C:\WINDOWS\system32\[bold]svch[/bold] sekä tiedosto D:\LATE_1\ohjelmia\[bold]ChrisTv.Professional.v4.70.+.Crack[/bold] Ei pitäisi ladata ja käyttää niitä kaiken maailman Crackejä
Enhän minä ku muut poijjaat niitä latailee...Mutta kiitoksia teille. Eteenpäin on menty ja näyttää siltä ettei winukkaa tarvii uudestaan asennella nyt n15 sek niin netti aukee.Jaksamisia ja hattua nostan teidän työlle.Tattis.
