Moi. Mul ois kanssa ongelmaa ton Poller.exe / Snail.exe hässäkän kanssa. F-Secure poistelee aina välillä sitä Poller.exe:ä mut sehän aina palailee. Kokeilin noita online haittaohjelmienpoistajia, mutta vaikka toinen ohjelma löysi 4 "infected files" ja toinen ohjelma 9, ei kumpikaan osannut poistaa niitä. Olisi hienoa jos joku osaisi neuvoa. HJT loki on siis tässä: Logfile of HijackThis v1.99.1 Scan saved at 12:55:14, on 25.5.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\WINDOWS\Explorer.exe C:\WINDOWS\ATK0100\Hcontrol.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SSH Communications Security\SSH Accession Lite\ssh_accession.exe C:\Program Files\F-Secure\FSGUI\fsguiexe.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Logitech\Video\AlbumDB2.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hut.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [UStorag] c:\program files\u-storage tools2.5\ustorage.exe sys_auto_run C:\Program Files\U-Storage Tools2.5 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOCUME~1\ERNEST~1\LOCALS~1\Temp\nsr6D.tmp" O4 - Global Startup: SSH Accession.lnk = C:\Program Files\SSH Communications Security\SSH Accession Lite\ssh_accession.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098984489835 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7B1CF0E3-7FB9-442D-99F6-2FC3ED7B6810}: NameServer = 130.233.16.3,130.233.224.1 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Kokeillaan lähteekö ne M$ Antispywarella http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en Laita piilotiedostot näkyviin http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339 Merkka tuo, sulje selain ja muut ikkunat, klikkaa Fix O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOCUME~1\ERNEST~1\LOCALS~1\Temp\nsr6D.tmp Tyhjennä tempit, ellei muuten tyhjene niin sitten vikasietotilassa Nuo alemmat kaikissa käyttäjätileissä C:\Temp C:\Windows\Prefetch C:\Documents and Settings\Käyttäjä nimi\Local Settings\Temporary Internet Files\Content.IE5 C:\Documents and Settings\Käyttäjä nimi\Local Settings\Temp
Tuota noin. Kaverilla oli ollut samanlainen ongelma ja päätin kokeilla järjestelmän palauttamista parilla päivällä taaksepäin, sillä kaverillani se oli poistanut ongelman. Nyt näyttää minun konekin toimivan. Käytin lisäksi a-squared ohjelmaa, joka tuntui löytävän joitakin troijalaisia. Kiitos avusta.
