Internet explorer toimii taustassa+mainoksia pomppaa esille

bryggral · Jan 7, 2007

Ain kun avaa IE7:kan niin ruudulle pomppaa jokin mainos. Norman virustorjunta ilmoittaa että IE toimii taustalla ja jokin sovellus hallitsee sitä. Mikä avuksi? Haittaohjelma skannerit ei löydä mitään.

fixeri · Jan 7, 2007

No tämä todennäkösesti löytää.

Käy hae Hijackthis 1.99.1 ohjelma:

Asenna ohjelma omaan kansioon, nimeä Hijackthis.exe--> Skanneri.exe.
Avaa ohjelma, valitse sieltä "Do a system scan and save a logfile", ohjelma tuottaa muistion jossa on logitiedosto, kopioi logi kokonaisuudessaan ja liitä se tänne seuraavaan vastaukseesi.

bryggral · Jan 7, 2007

Logfile of HijackThis v1.99.1
Scan saved at 18:50:50, on 7.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\bin\ZANDA.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\anysee\anysee-E30\anysee_TR.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Norman\Npf\Bin\npfmsg2.exe
C:\Documents and Settings\Ralf\Omat tiedostot\Hijack\skanneri.exe.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CBTB00001 - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [cake axis dog body] C:\Documents and Settings\All Users\Application Data\BagsSpamCakeAxis\saveanti.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [Mediacomp] C:\DOCUME~1\Ralf\APPLIC~1\DRVISO~1\Enc Draw.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.sf-anytime.com
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

fixeri · Jan 7, 2007

Lop infektiohan siellä on.

Merkkaa ja paina fix checked:

O4 - HKLM\..\Run: [cake axis dog body] C:\Documents and Settings\All Users\Application Data\BagsSpamCakeAxis\saveanti.exe
O4 - HKCU\..\Run: [Mediacomp] C:\DOCUME~1\Ralf\APPLIC~1\DRVISO~1\Enc Draw.exe

Lataa NoLop työpöydällesi:

http://www.spywareedge.net/nolop/NoLop.exe

-Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen
-Tuplaklikkaa NoLop.exe ajaaksesi sen.
-Klikkaa nappulaa "Search and Destroy"
<<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
- Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy. Klikkaa OK
- Klikkaa "REBOOT"-painiketta.
- NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu. Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.

bryggral · Jan 7, 2007

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Ralf\Työpöytä
[7.1.2007]
[19:33:36]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\AEEC25AF96CFA1DF.job

Beginning Removal...
Rebooting...

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Bagsspamcakeaxis
C:\Documents and Settings\All Users\Application Data\Bluetooth
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Npf
C:\Documents and Settings\All Users\Application Data\Pc Suite
C:\Documents and Settings\All Users\Application Data\Pinnacle
C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Smartsound Software Inc
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Temp
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Ralf\Application Data\Adobe
C:\Documents and Settings\Ralf\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Ralf\Application Data\Ahead
C:\Documents and Settings\Ralf\Application Data\Apple Computer
C:\Documents and Settings\Ralf\Application Data\Azureus
C:\Documents and Settings\Ralf\Application Data\Bitroll
C:\Documents and Settings\Ralf\Application Data\Bittorrent
C:\Documents and Settings\Ralf\Application Data\Canon
C:\Documents and Settings\Ralf\Application Data\Datalayer
C:\Documents and Settings\Ralf\Application Data\Divx
C:\Documents and Settings\Ralf\Application Data\Drv Iso Dash
C:\Documents and Settings\Ralf\Application Data\Epson
C:\Documents and Settings\Ralf\Application Data\Google
C:\Documents and Settings\Ralf\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Ralf\Application Data\Identities
C:\Documents and Settings\Ralf\Application Data\Installshield
C:\Documents and Settings\Ralf\Application Data\Intervideo
C:\Documents and Settings\Ralf\Application Data\Lavasoft
C:\Documents and Settings\Ralf\Application Data\Macromedia
C:\Documents and Settings\Ralf\Application Data\Microsoft
C:\Documents and Settings\Ralf\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Ralf\Application Data\Mozilla
C:\Documents and Settings\Ralf\Application Data\Nokia
C:\Documents and Settings\Ralf\Application Data\Nokia Multimedia Player
C:\Documents and Settings\Ralf\Application Data\Pc Suite
C:\Documents and Settings\Ralf\Application Data\Pc Tools
C:\Documents and Settings\Ralf\Application Data\Simple Star
C:\Documents and Settings\Ralf\Application Data\Skype
C:\Documents and Settings\Ralf\Application Data\Snapfish
C:\Documents and Settings\Ralf\Application Data\Sun
C:\Documents and Settings\Ralf\Application Data\Travelersafe
C:\Documents and Settings\Satu\Application Data\Adobe
C:\Documents and Settings\Satu\Application Data\Google
C:\Documents and Settings\Satu\Application Data\Identities
C:\Documents and Settings\Satu\Application Data\Macromedia
C:\Documents and Settings\Satu\Application Data\Microsoft
C:\Documents and Settings\Satu\Application Data\Mozilla
C:\Documents and Settings\Satu\Application Data\Pc Suite
C:\Documents and Settings\Satu\Application Data\Pc Tools
C:\Documents and Settings\Satu\Application Data\Sun

Logfile of HijackThis v1.99.1
Scan saved at 21:24:07, on 7.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\anysee\anysee-E30\anysee_TR.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\sistray.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ralf\Omat tiedostot\Hijack\Skanneri.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CBTB00001 - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [anysee_TR] C:\Program Files\anysee\anysee-E30\anysee_TR.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Mediacomp] C:\DOCUME~1\Ralf\APPLIC~1\DRVISO~1\Enc Draw.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.sf-anytime.com
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

bryggral · Jan 7, 2007

mainoksia pukkaa vielä,,, ikävä kyllä

fixeri · Jan 7, 2007

Piilotiedostot näkyviin ja poista tuo kansio:

C:\Documents and Settings\All Users\Application Data\--->Bagsspamcakeaxis<---

Sitten aja tuo Nolop uudelleen ja lähetä se logi.

bryggral · Jan 7, 2007

Sanoo että ei voi poistaa saveanti.exe. Yhteiskäyttövirhe ...

bryggral · Jan 7, 2007

Sain poistettua vikasietotilassa.Nolop skannaaa

bryggral · Jan 7, 2007

Vaikutta siltä että ongelma on poissa. Fixerille suurkiitos avusta. Tässä vielä se nolop logi.

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Ralf\Työpöytä
[7.1.2007]
[22:33:20]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Bluetooth
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Npf
C:\Documents and Settings\All Users\Application Data\Pc Suite
C:\Documents and Settings\All Users\Application Data\Pinnacle
C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Smartsound Software Inc
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Temp
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Ralf\Application Data\Adobe
C:\Documents and Settings\Ralf\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Ralf\Application Data\Ahead
C:\Documents and Settings\Ralf\Application Data\Apple Computer
C:\Documents and Settings\Ralf\Application Data\Azureus
C:\Documents and Settings\Ralf\Application Data\Bitroll
C:\Documents and Settings\Ralf\Application Data\Bittorrent
C:\Documents and Settings\Ralf\Application Data\Canon
C:\Documents and Settings\Ralf\Application Data\Datalayer
C:\Documents and Settings\Ralf\Application Data\Divx
C:\Documents and Settings\Ralf\Application Data\Drv Iso Dash
C:\Documents and Settings\Ralf\Application Data\Epson
C:\Documents and Settings\Ralf\Application Data\Google
C:\Documents and Settings\Ralf\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Ralf\Application Data\Identities
C:\Documents and Settings\Ralf\Application Data\Installshield
C:\Documents and Settings\Ralf\Application Data\Intervideo
C:\Documents and Settings\Ralf\Application Data\Lavasoft
C:\Documents and Settings\Ralf\Application Data\Macromedia
C:\Documents and Settings\Ralf\Application Data\Microsoft
C:\Documents and Settings\Ralf\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Ralf\Application Data\Mozilla
C:\Documents and Settings\Ralf\Application Data\Nokia
C:\Documents and Settings\Ralf\Application Data\Nokia Multimedia Player
C:\Documents and Settings\Ralf\Application Data\Pc Suite
C:\Documents and Settings\Ralf\Application Data\Pc Tools
C:\Documents and Settings\Ralf\Application Data\Simple Star
C:\Documents and Settings\Ralf\Application Data\Skype
C:\Documents and Settings\Ralf\Application Data\Snapfish
C:\Documents and Settings\Ralf\Application Data\Sun
C:\Documents and Settings\Ralf\Application Data\Travelersafe
C:\Documents and Settings\Satu\Application Data\Adobe
C:\Documents and Settings\Satu\Application Data\Google
C:\Documents and Settings\Satu\Application Data\Identities
C:\Documents and Settings\Satu\Application Data\Macromedia
C:\Documents and Settings\Satu\Application Data\Microsoft
C:\Documents and Settings\Satu\Application Data\Mozilla
C:\Documents and Settings\Satu\Application Data\Pc Suite
C:\Documents and Settings\Satu\Application Data\Pc Tools
C:\Documents and Settings\Satu\Application Data\Sun

Log in or Sign up

Internet explorer toimii taustassa+mainoksia pomppaa esille

bryggral Member

fixeri Regular member

bryggral Member

fixeri Regular member

bryggral Member

bryggral Member

fixeri Regular member

bryggral Member

bryggral Member

bryggral Member

Share This Page

Log in or Sign up

Internet explorer toimii taustassa+mainoksia pomppaa esille

bryggral Member

fixeri Regular member

bryggral Member

fixeri Regular member

bryggral Member

bryggral Member

fixeri Regular member

bryggral Member

bryggral Member

bryggral Member

Share This Page

Useful Searches