HjT log
Member
15 July 2006 @ 12:47
So, my cousins' computer is "a bit" messed up, so I decided to post their machine's HjT log here for analysis:
========
Logfile of HijackThis v1.99.1
Scan saved at 16:53:28, on 15.7.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\YW5qYQ\command.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Network Monitor\netmon.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\windows\defender.exe
C:\WINNT\system32\598e4fa4.exe
C:\WINNT\system32\0mcamcap.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\COMMON~1\woif\woifm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\COMMON~1\woif\woifa.exe
C:\WINNT\sllights.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\Red alert\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.odikjxojiqumdnoqtbu.com/8xPIdinjwujZk4hJJvIZ6On3fI66m/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sonera.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [defender] C:\windows\defender.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\0mcamcap.exe
O4 - HKLM\..\Run: [598e4fa4.exe] C:\WINNT\system32\598e4fa4.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINNT\system32\0mcamcap.exe
O4 - HKLM\..\Run: [Jump readme live win] C:\Documents and Settings\All Users\Application Data\FunkBibJumpReadme\site mix.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINNT\system32\0mcamcap.exe
O4 - HKLM\..\RunServices: [ntdll.dll] C:\WINNT\system32\0mcamcap.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Acid Vc] C:\DOCUME~1\JRJEST~1\APPLIC~1\MIXBOR~1\01 curb owns.exe
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /scan
O4 - HKCU\..\Run: [kinder magicsport friends - linjatuomari] "c:\program files\linjatuomari screenmate\kinder magicsport friends - linjatuomari.exe"
O4 - HKCU\..\Run: [woif] C:\PROGRA~1\COMMON~1\woif\woifm.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\system32\0mcamcap.exe
O4 - HKCU\..\Run: [598e4fa4.exe] C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Application Data\598e4fa4.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINNT\system32\0mcamcap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/bridge-c17.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F04D012F-2E39-420F-8781-5CDE3F8569E4}: NameServer = 192.168.252.17 192.168.252.16
O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\lvp6097se.dll
O21 - SSODL: ntdll.dll - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\kiaehneb.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YW5qYQ\command.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
========
It doesn't always work, not even every time.

AfterDawn Addict
15 July 2006 @ 13:01
Just a little bit messed up, yeah ;)
Uninstall from the Control Panel:
Webhancer or similar
Messenger Plus! 3
Error Safe
Download http://www.atribune.org/ccount/click.php?id=7 Look2Me-Destroyer.exe to your desktop.
IMPORTANT: Before continuing with the fix, you must do the following:
* Print this, or save it as a text file in a suitable location.
* Click Start -> Run and type: services.msc
* Click OK.
* Check that this service is running or that its startup type is Automatic:
  * Secondary Logon
* Next, your computer must be offline; pull the network cable out of the wall if necessary.
* Your antivirus and all other security software MUST be shut down.
* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run the program.
* Tick Run this program as a task.
* You will get a message saying: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK.
* When Look2Me-Destroyer re-opens, click the Scan for L2M option; your desktop shortcuts will disappear for a moment, this is normal.
* When the scan is finished, click the Remove L2M option.
* You will get a Done Scanning message; click OK.
* When finished, you will get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
* Your computer will shut itself down.
* Restart your computer.
If your firewall warns about internet connections for this program, allow them.
If you get runtime error '339', download MSWINSCK.OCX from the following link and place it in your C:\Windows\System32 folder.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Try again.
Download http://www.merijn.org/files/bfu.zip Brute Force Uninstaller to your desktop.
* Right-click the BFU zip on your desktop and choose Extract All.
* Click "Next"
* In the box where you choose where to extract the files,
* Click "Browse"
* Click the + sign next to My Computer
* Click "Local Disk (C:)" or whatever your main drive is
* Click "Make New Folder"
* Type BFU
* Click "Next", and do NOT tick the box "Show extracted files", then click "Finish".
RIGHT-CLICK HERE -> http://metallica.geekstogo.com/alcanshorty.bfu for the Alcra PLUS Remover.
Save it into the same folder you created earlier (c:\BFU).
Do not do anything with it yet!
Boot your computer into Safe Mode by tapping the F8 key during startup.
Click Start > My Computer and navigate to the C:\BFU folder.
* Start Brute Force Uninstaller by double-clicking BFU.exe
* In the Scriptline to execute field, type or paste c:\bfu\alcanshorty.bfu
* Click Execute and let it do its job. (You should see a progress bar if you did this correctly.)
* Wait for the Complete script execution box and click OK.
* Click exit to close Brute Force Uninstaller.
Post the contents of the C:\Look2Me-Destroyer.txt file together with a new HijackThis log in your reply.
Then we'll carry on from there :)
No HjT logs or the like by private message!
This post has been edited after it was sent. Last edited 15 July 2006 @ 13:03

Member
15 July 2006 @ 14:10
I'm not sure whether things went exactly according to the instructions, but here's a new log:
========
Logfile of HijackThis v1.99.1
Scan saved at 18:13:23, on 15.7.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\YW5qYQ\command.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Network Monitor\netmon.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\windows\defender.exe
C:\WINNT\system32\598e4fa4.exe
C:\WINNT\system32\0mcamcap.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\COMMON~1\woif\woifm.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\COMMON~1\woif\woifa.exe
C:\WINNT\sllights.exe
C:\PROGRA~1\COMMON~1\woif\woifl.exe
C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\Red alert\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.odikjxojiqumdnoqtbu.com/8xPIdinjwujZk4hJJvIZ6On3fI66m/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sonera.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [defender] C:\windows\defender.exe
O4 - HKLM\..\Run: [598e4fa4.exe] C:\WINNT\system32\598e4fa4.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINNT\system32\0mcamcap.exe
O4 - HKLM\..\Run: [Jump readme live win] C:\Documents and Settings\All Users\Application Data\FunkBibJumpReadme\site mix.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINNT\system32\0mcamcap.exe
O4 - HKLM\..\RunServices: [ntdll.dll] C:\WINNT\system32\0mcamcap.exe
O4 - HKCU\..\Run: [Acid Vc] C:\DOCUME~1\JRJEST~1\APPLIC~1\MIXBOR~1\01 curb owns.exe
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /scan
O4 - HKCU\..\Run: [woif] C:\PROGRA~1\COMMON~1\woif\woifm.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\system32\0mcamcap.exe
O4 - HKCU\..\Run: [598e4fa4.exe] C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Application Data\598e4fa4.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINNT\system32\0mcamcap.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/bridge-c17.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F04D012F-2E39-420F-8781-5CDE3F8569E4}: NameServer = 192.168.252.17 192.168.252.16
O21 - SSODL: ntdll.dll - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\kiaehneb.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YW5qYQ\command.exe
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
========
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 15.7.2006 17:38:07
Attempting to delete infected files...
Attempting to delete: C:\WINNT\system32\in50_qc.dll
C:\WINNT\system32\in50_qc.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\in50_qcx.dll
C:\WINNT\system32\in50_qcx.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ipagehlp.dll
C:\WINNT\system32\ipagehlp.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ipssuba.dll
C:\WINNT\system32\ipssuba.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ir28l5fu1.dll
C:\WINNT\system32\ir28l5fu1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ir4ul5h91.dll
C:\WINNT\system32\ir4ul5h91.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ir68l5ju1.dll
C:\WINNT\system32\ir68l5ju1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ir6ul5j91.dll
C:\WINNT\system32\ir6ul5j91.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ir8sl5l71.dll
C:\WINNT\system32\ir8sl5l71.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\irj6l51s1.dll
C:\WINNT\system32\irj6l51s1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\irn6l55s1.dll
C:\WINNT\system32\irn6l55s1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\irp6l57s1.dll
C:\WINNT\system32\irp6l57s1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\irr6l59s1.dll
C:\WINNT\system32\irr6l59s1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\it50_qcx.dll
C:\WINNT\system32\it50_qcx.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\iugshl.dll
C:\WINNT\system32\iugshl.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\izmontr.dll
C:\WINNT\system32\izmontr.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\j02qlaf51d2.dll
C:\WINNT\system32\j02qlaf51d2.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\j4n2le5o1h.dll
C:\WINNT\system32\j4n2le5o1h.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\j4p0le7m1h.dll
C:\WINNT\system32\j4p0le7m1h.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\k4260efseh260.dll
C:\WINNT\system32\k4260efseh260.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\k8pm0i71e8.dll
C:\WINNT\system32\k8pm0i71e8.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\kK260efseh260.dll
C:\WINNT\system32\kK260efseh260.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\l02slaf71d2.dll
C:\WINNT\system32\l02slaf71d2.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\l04qlah51d4.dll
C:\WINNT\system32\l04qlah51d4.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\l0j8la1u1d.dll
C:\WINNT\system32\l0j8la1u1d.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\l0l6la3s1d.dll
C:\WINNT\system32\l0l6la3s1d.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\l4j80e1ueh.dll
C:\WINNT\system32\l4j80e1ueh.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\l8n40i5qe8.dll
C:\WINNT\system32\l8n40i5qe8.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lak.dll
C:\WINNT\system32\lak.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lixlmpm.dll
C:\WINNT\system32\lixlmpm.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\locmgr10.dll
C:\WINNT\system32\locmgr10.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lv2s09f7e.dll
C:\WINNT\system32\lv2s09f7e.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lv4609hse.dll
C:\WINNT\system32\lv4609hse.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lv4u09h9e.dll
C:\WINNT\system32\lv4u09h9e.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lv6609jse.dll
C:\WINNT\system32\lv6609jse.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lv6s09j7e.dll
C:\WINNT\system32\lv6s09j7e.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lv8809lue.dll
C:\WINNT\system32\lv8809lue.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lvj6091se.dll
C:\WINNT\system32\lvj6091se.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lvj8091ue.dll
C:\WINNT\system32\lvj8091ue.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lvjs0917e.dll
C:\WINNT\system32\lvjs0917e.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lvl6093se.dll
C:\WINNT\system32\lvl6093se.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lvl8093ue.dll
C:\WINNT\system32\lvl8093ue.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lvls0937e.dll
C:\WINNT\system32\lvls0937e.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lvns0957e.dll
C:\WINNT\system32\lvns0957e.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lvp6097se.dll
C:\WINNT\system32\lvp6097se.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lvp8097ue.dll
C:\WINNT\system32\lvp8097ue.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lvps0977e.dll
C:\WINNT\system32\lvps0977e.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\lvr6099se.dll
C:\WINNT\system32\lvr6099se.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\m028lafu1d28.dll
C:\WINNT\system32\m028lafu1d28.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\m0lsla371d.dll
C:\WINNT\system32\m0lsla371d.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\m4280efueh280.dll
C:\WINNT\system32\m4280efueh280.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mfxml3r.dll
C:\WINNT\system32\mfxml3r.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mhobjs.dll
C:\WINNT\system32\mhobjs.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\micms.dll
C:\WINNT\system32\micms.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\minsspc.dll
C:\WINNT\system32\minsspc.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mkltus40.dll
C:\WINNT\system32\mkltus40.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ml3216.dll
C:\WINNT\system32\ml3216.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\moclus.dll
C:\WINNT\system32\moclus.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\moiqtz32.dll
C:\WINNT\system32\moiqtz32.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mow3prt.dll
C:\WINNT\system32\mow3prt.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\muc40loc.dll
C:\WINNT\system32\muc40loc.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mv00l9dm1.dll
C:\WINNT\system32\mv00l9dm1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mv02l9do1.dll
C:\WINNT\system32\mv02l9do1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mv22l9fo1.dll
C:\WINNT\system32\mv22l9fo1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mv42l9ho1.dll
C:\WINNT\system32\mv42l9ho1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mv80l9lm1.dll
C:\WINNT\system32\mv80l9lm1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mvj0l91m1.dll
C:\WINNT\system32\mvj0l91m1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mvjml9111.dll
C:\WINNT\system32\mvjml9111.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mvl0l93m1.dll
C:\WINNT\system32\mvl0l93m1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mvlml9311.dll
C:\WINNT\system32\mvlml9311.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mvn0l95m1.dll
C:\WINNT\system32\mvn0l95m1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mvnml9511.dll
C:\WINNT\system32\mvnml9511.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mvp0l97m1.dll
C:\WINNT\system32\mvp0l97m1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mvp2l97o1.dll
C:\WINNT\system32\mvp2l97o1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mvpml9711.dll
C:\WINNT\system32\mvpml9711.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mvr0l99m1.dll
C:\WINNT\system32\mvr0l99m1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mximg32.dll
C:\WINNT\system32\mximg32.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mxsystem.dll
C:\WINNT\system32\mxsystem.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\n02ulaf91d2.dll
C:\WINNT\system32\n02ulaf91d2.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\n06qlaj51do.dll
C:\WINNT\system32\n06qlaj51do.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\n8p40i7qe8.dll
C:\WINNT\system32\n8p40i7qe8.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\nrhtml.dll
C:\WINNT\system32\nrhtml.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\nydsbsrv.dll
C:\WINNT\system32\nydsbsrv.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\nzdsatq.dll
C:\WINNT\system32\nzdsatq.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\o0nsla571d.dll
C:\WINNT\system32\o0nsla571d.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\o0rola931d.dll
C:\WINNT\system32\o0rola931d.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\o4lu0e39eh.dll
C:\WINNT\system32\o4lu0e39eh.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\oebctrac.dll
C:\WINNT\system32\oebctrac.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\omeaccrc.dll
C:\WINNT\system32\omeaccrc.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\opmanage.dll
C:\WINNT\system32\opmanage.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\oseaccrc.dll
C:\WINNT\system32\oseaccrc.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ovecli32.dll
C:\WINNT\system32\ovecli32.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\p06slaj71do.dll
C:\WINNT\system32\p06slaj71do.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\p0p6la7s1d.dll
C:\WINNT\system32\p0p6la7s1d.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\p0r4la9q1d.dll
C:\WINNT\system32\p0r4la9q1d.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\pCutoenr.dll
C:\WINNT\system32\pCutoenr.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\pirfproc.dll
C:\WINNT\system32\pirfproc.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\pnustab.dll
C:\WINNT\system32\pnustab.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ppflbmsg.dll
C:\WINNT\system32\ppflbmsg.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ptrfnet.dll
C:\WINNT\system32\ptrfnet.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\qcvd.dll
C:\WINNT\system32\qcvd.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\r0p8la7u1d.dll
C:\WINNT\system32\r0p8la7u1d.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\rraenh.dll
C:\WINNT\system32\rraenh.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\rwvpmsg.dll
C:\WINNT\system32\rwvpmsg.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\rxutils.dll
C:\WINNT\system32\rxutils.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\samsg.dll
C:\WINNT\system32\samsg.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\sfofi.dll
C:\WINNT\system32\sfofi.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\tcpelib.dll
C:\WINNT\system32\tcpelib.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\tMpiperf.dll
C:\WINNT\system32\tMpiperf.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\tppelib.dll
C:\WINNT\system32\tppelib.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\txkwks.dll
C:\WINNT\system32\txkwks.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\udbui.dll
C:\WINNT\system32\udbui.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\udl.dll
C:\WINNT\system32\udl.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\wchfi.dll
C:\WINNT\system32\wchfi.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\wdsapi32.dll
C:\WINNT\system32\wdsapi32.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\wvpasf.dll
C:\WINNT\system32\wvpasf.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\xBctsrv.dll
C:\WINNT\system32\xBctsrv.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{98C60425-153C-4300-A0C5-3E63B13B65AA}"
HKCR\Clsid\{98C60425-153C-4300-A0C5-3E63B13B65AA}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E5AC9590-DEB4-4DD0-B2BF-DF9B4A658775}"
HKCR\Clsid\{E5AC9590-DEB4-4DD0-B2BF-DF9B4A658775}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0AD1B8BF-52B3-4FF8-ACED-F3B511B31C0C}"
HKCR\Clsid\{0AD1B8BF-52B3-4FF8-ACED-F3B511B31C0C}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{87542E68-F821-4F55-8875-60727074F18A}"
HKCR\Clsid\{87542E68-F821-4F55-8875-60727074F18A}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{491866B7-FEC7-44D4-B02D-9A8293C42988}"
HKCR\Clsid\{491866B7-FEC7-44D4-B02D-9A8293C42988}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Järjestelmänvalvojat - Succeeded
It doesn't always work, not even every time.
|
AfterDawn Addict
|
15 July 2006 @ 14:51 |
|
It went in the right direction, at least.
Fix these (do a system scan only, tick them and press Fix checked):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.odikjxojiqumdnoqtbu.com/8xPIdinjwujZk4hJJvIZ6On3fI66m/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [defender] C:\windows\defender.exe
O4 - HKLM\..\Run: [598e4fa4.exe] C:\WINNT\system32\598e4fa4.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINNT\system32\0mcamcap.exe
O4 - HKLM\..\Run: [Jump readme live win] C:\Documents and Settings\All Users\Application Data\FunkBibJumpReadme\site mix.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINNT\system32\0mcamcap.exe
O4 - HKLM\..\RunServices: [ntdll.dll] C:\WINNT\system32\0mcamcap.exe
O4 - HKCU\..\Run: [Acid Vc] C:\DOCUME~1\JRJEST~1\APPLIC~1\MIXBOR~1\01 curb owns.exe
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /scan
O4 - HKCU\..\Run: [woif] C:\PROGRA~1\COMMON~1\woif\woifm.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\system32\0mcamcap.exe
O4 - HKCU\..\Run: [598e4fa4.exe] C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Application Data\598e4fa4.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINNT\system32\0mcamcap.exe
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/bridge-c17.cab
O21 - SSODL: ntdll.dll - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINNT\system32\kiaehneb.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YW5qYQ\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
Then Start -> Run
type sc stop cmdService and click OK
sc delete cmdService and click OK
sc stop "Network Monitor" and click OK
sc delete "Network Monitor" and click OK
Boot into Safe Mode (F8 during startup)
Delete, if found:
c:\secure32.html
C:\Program Files\webHancer
C:\windows\defender.exe
C:\WINNT\system32\598e4fa4.exe
C:\WINNT\system32\0mcamcap.exe
C:\Documents and Settings\All Users\Application Data\FunkBibJumpReadme
C:\Program Files\Error Safe Free
C:\DOCUME~1\JRJEST~1\APPLIC~1\MIXBOR~1
C:\PROGRA~1\COMMON~1\woif
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Application Data\598e4fa4.exe
C:\WINNT\system32\kiaehneb.dll
C:\WINNT\YW5qYQ
C:\Program Files\Network Monitor
Restart.
Download findlop ->
http://metallica.geekstogo.com/findlop.zip
Extract it and double-click findlop.bat
The log will be at C:\findlop.txt
Scan your computer with the Kaspersky Online Scanner: http://www.kaspersky.com/downloads/kws/kavwebscan.html
You will be asked whether you allow an ActiveX component from Kaspersky to be installed; click Yes.
- The program starts and begins downloading the latest definition files.
- Once the scanner is installed and the definitions are downloaded, click Next.
- Now click the settings, Scan Settings
- Check in the settings that the following are selected:
  o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise select Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
- Click OK
- Now, under the heading "select a target to scan", select My Computer (Oma Tietokone)
- The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- Copy and paste the contents of the file into your next reply.
Post:
- a new HjT log
- the Kaspersky report
- the contents of C:\findlop.txt
No HjT logs or the like by private message!
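The fix list in the post above can be triaged mechanically. The following is an added example, not part of the thread and not the helper's own method: a small parser for HijackThis R0/R1, O4 and O23 lines, with four heuristics chosen here as assumptions (IE page set to a local file, Run value named like a system file but pointing elsewhere, one binary registered under several autorun keys, service with "Unknown owner"). The sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample input: a few entries taken from the fix list in the post above.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [0mcamcap] C:\WINNT\system32\0mcamcap.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINNT\system32\0mcamcap.exe
O4 - HKCU\..\Run: [ntdll.dll] C:\WINNT\system32\0mcamcap.exe
O4 - HKCU\..\Run: [woif] C:\PROGRA~1\COMMON~1\woif\woifm.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YW5qYQ\command.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
IE_PAGE = re.compile(r"^(?P<key>HK[^=]+?) = (?P<value>.+)$")
SERVICE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def exe_of(cmd):
    """Return the executable path from a Run command line (quoted or not)."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat))(?=\s|$)', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd


def triage(log_text):
    """Return a list of (reason, detail) findings for a HijackThis log."""
    findings, keys_by_exe = [], defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code in ("R0", "R1") and (p := IE_PAGE.match(body)):
            # Heuristic 1: browser page redirected to a file on the local disk.
            if re.match(r"^[A-Za-z]:\\", p["value"]):
                findings.append(("ie-page-local-file", p["value"]))
        elif code == "O4" and (r := RUN.match(body)):
            exe = exe_of(r["cmd"])
            base = exe.rsplit("\\", 1)[-1].lower()
            keys_by_exe[exe.lower()].add(r["key"])
            name = r["name"].lower()
            # Heuristic 2: value name looks like a file but is not the target.
            if re.search(r"\.(dll|exe)$", name) and name != base:
                findings.append(("run-name-masquerade", f'{r["name"]} -> {exe}'))
        elif code == "O23" and (s := SERVICE.match(body)):
            # Heuristic 3: service binary without a recognised owner.
            if s["owner"].lower() == "unknown owner":
                findings.append(("service-unknown-owner", s["path"]))
    # Heuristic 4: the same binary started from more than one autorun key.
    for exe, keys in keys_by_exe.items():
        if len(keys) > 1:
            findings.append(("multi-autorun", f"{exe} in {len(keys)} keys"))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE):
        print(f"{reason:24} {detail}")
```

A finding here is only a prompt for manual review: the QuickTime entry, for instance, points at a legitimate binary under a misleading value name.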
|
Member
|
16 July 2006 @ 06:40 |
|
|
Yeah, a problem came up: when I type that sc stop cmdService into the Run box, it complains that
"Tiedostoa sc (tai jotakin sen osaa) ei löydy. Varmista, että polku ja tiedostonimi ovat oikein ja että kaikki tarvittavat kirjastot ovat käytettävissä."
What do I do?
It doesn't always work, not even every time.
|
AfterDawn Addict
|
16 July 2006 @ 08:35 |
|
|
Right, that sc command doesn't exist in Win 2000. Skip that step at least for now and carry on.
No HjT logs or the like by private message!
|
pkaksp
Moderator
|
16 July 2006 @ 09:28 |
|
|
|
|