Pop-up windows, HJT log

Discussion in 'Viruses and malware' started by musis, May 13, 2009.

  1. musis

    So, I have no idea where I got this cr*p from; pop-ups just suddenly started appearing, along with all sorts of other nice stuff. Well, I then reinstalled Windows completely, but I did not format two (2) hard disk partitions, only the one Windows was on. And now, even after the reinstall, it keeps throwing up pop-ups, so if someone could be bothered to look at this log I would be really grateful:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:43:27, on 14.5.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\Six Engine\SixEngine.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Garena\Garena.exe
    C:\DOCUME~1\Juhani\LOCALS~1\Temp\xsenmrwcoa.tmp
    C:\WINDOWS\system32\wscntfy.exe
    C:\DOCUME~1\Juhani\LOCALS~1\Temp\oawremsxnc.tmp
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\WINDOWS\system32\rn.tmp
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\net.net
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\DOCUME~1\Juhani\LOCALS~1\Temp\sas2B8.tmp
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\prnet.tmp
    C:\Documents and Settings\Juhani\Desktop\pbsetup\pbsetup.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
    R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: (no name) - {96a13e40-408e-4bea-b3f5-ccd7f0d6251b} - C:\WINDOWS\system32\tasurepa.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
    O4 - HKLM\..\Run: [lisokiroza] Rundll32.exe "C:\WINDOWS\system32\masutora.dll",s
    O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
    O4 - HKCU\..\Run: [net] "C:\WINDOWS\system32\net.net"
    O4 - HKCU\..\Run: [ptidle] "C:\Documents and Settings\Juhani\Application Data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKCU\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B37393F2-581F-499A-A93E-C59C211E6955}: NameServer = 62.241.198.245 62.241.195.246
    O20 - AppInit_DLLs: C:\WINDOWS\system32\zakurase.dll
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 5672 bytes
     
  2. 79atanos

    Heh heh, not bad :)

    Running processes:
    C:\DOCUME~1\Juhani\LOCALS~1\Temp\xsenmrwcoa.tmp
    C:\DOCUME~1\Juhani\LOCALS~1\Temp\oawremsxnc.tmp
    C:\WINDOWS\system32\rn.tmp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
    O4 - HKLM\..\Run: [lisokiroza] Rundll32.exe "C:\WINDOWS\system32\masutora.dll",s
    O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
    O4 - HKCU\..\Run: [net] "C:\WINDOWS\system32\net.net"
    O4 - HKCU\..\Run: [ptidle] "C:\Documents and Settings\Juhani\Application Data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKCU\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
    O20 - AppInit_DLLs: C:\WINDOWS\system32\zakurase.dll
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

    That is the result of a quick glance; I may have missed something.

    We haven't seen any fixers around here for a long time, so post your log on vt.net.
    http://www.virustorjunta.net/modules.php?name=Forums (HjT log analysis)
     
    Last edited: May 14, 2009
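
The first-pass triage done by hand in the reply above can be scripted. This is an added example, not part of the original thread: a small Python parser for the HijackThis log format that flags entries for manual review. The heuristics (non-.exe images, Temp paths, rundll32 autoruns, a populated AppInit_DLLs) are assumptions chosen for illustration; a flag means "look closer", not a verdict.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Juhani\LOCALS~1\Temp\xsenmrwcoa.tmp
C:\WINDOWS\system32\rn.tmp
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [lisokiroza] Rundll32.exe "C:\WINDOWS\system32\masutora.dll",s
O20 - AppInit_DLLs: C:\WINDOWS\system32\zakurase.dll
'''

ENTRY = re.compile(r'^([A-Z]\d+) - (.*)$')  # section code, e.g. "O4 - ..."

def path_reasons(path):
    """Assumed heuristics: odd image extension, or image under a Temp folder."""
    ext = ntpath.splitext(path)[1].lower()
    out = [] if ext == '.exe' else ['image extension is %r, not .exe' % ext]
    if '\\temp\\' in path.lower():
        out.append('image runs from a Temp directory')
    return out

def entry_reasons(code, body):
    if code == 'O20' and body.partition(': ')[2].strip():
        return ['AppInit_DLLs is set: DLL loads into every user32.dll process']
    if code == 'O4':  # autorun: take the quoted or first bare program name
        m = re.match(r'"([^"]+)"|(\S+)', body.partition('] ')[2].strip())
        image = (m.group(1) or m.group(2)) if m else ''
        if ntpath.basename(image).lower() == 'rundll32.exe':
            return ['autorun loads a DLL through rundll32']
        return path_reasons(image) if image else []
    return []

def triage(log):
    """Return (line, reasons) for each log line worth a manual look."""
    findings, in_processes = [], False
    for line in filter(None, map(str.strip, log.splitlines())):
        m = ENTRY.match(line)
        if m:
            in_processes, reasons = False, entry_reasons(*m.groups())
        elif line == 'Running processes:':
            in_processes, reasons = True, []
        else:
            reasons = path_reasons(line) if in_processes else []
        if reasons:
            findings.append((line, reasons))
    return findings
```
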
  3. musis

    Yeah, I posted it there, thanks :)
     
