afterdawn.com > discussion > general computer discussion > viruses and malware - HijackThis logs
Messenger is being disrupted, help needed.
Newbie
22 September 2006 @ 15:25
So I got a message from a friend on MSN Messenger containing a web address and the text "lol, check :P". Stupidly I clicked it and downloaded it, and it brought in some bug and some other junk as well, Toolbar888 at least. It sends the same message to every Messenger contact and spreads itself that way. I've looked for help and downloaded the HijackThis program.
So here is the log; I really hope someone can help me:

Logfile of HijackThis v1.99.1
Scan saved at 19:12:54, on 22.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WService.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Xinstall.exe
C:\nwnmff_e10.exe
C:\dfndrff_e11.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\kybrdff_e11.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\pelit\steam\steam\steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Petri\Käynnistä-valikko\Ohjelmat\Käynnistys\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NoAdware4\NoAdware4.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msgs.exe
C:\Documents and Settings\Petri\Työpöytä\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e11.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Steam] "g:\pelit\steam\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: iexplore.exe
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\System32\Drivers\WTSRV.EXE
AfterDawn Addict
22 September 2006 @ 15:28
1. Download the combofix.exe file to your desktop.
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click on the combofix window while it is running. This may cause the program to freeze.

Post a new HjT log and the combofix log.

No HjT logs etc. via private message!
Newbie
22 September 2006 @ 15:40
Oops, two messages got posted.
Newbie
22 September 2006 @ 15:40
Quote:
Post a new HjT log and the combofix log.
Thanks for the quick reply!
So here is the combofix log:

Petri - 06-09-22 19:32:51,46 Service Pack 2
ComboFix 06.09.21 - Running from: "C:\Documents and Settings\Petri\Työpöytä"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drsmartload1135a.exe
C:\WINDOWS\drsmartload1135a.exe
C:\WINDOWS\drsmartload2.dat
C:\dfndrff_e10.exe
C:\dfndrff_e11.exe
C:\drsmartload.exe
C:\drsmartload45a45a45c.exe
C:\drsmartload45a45a45d.exe
C:\deskbar.exe
C:\kybrdff_e10.exe
C:\kybrdff_e11.exe
C:\MTE3NDI6ODoxNg.exe
C:\nwnmff_e10.exe
C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\DW3I3NPZ\dfndrff_e[1].exe
C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\SPYJ45YJ\dfndrff_e_uit[1].exe
C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\DW3I3NPZ\drsmartload45a[1].exe
C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\WL6BO1AB\drsmartload1135a[1].exe
C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\WL6BO1AB\kybrdff_e[2].exe
C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\WL6BO1AB\MTE3NDI6ODoxNg[1].exe
C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\SPYJ45YJ\nwnmff_e[1].exe
C:\mte3ndi6odoxng.exe
C:\Program Files\Deskbar
C:\Program Files\ToolBar888
C:\Program Files\Common Files\{387E6850-0781-1035-0210-040507020166}


((((((((((((((((((((((((((((((( Files Created from 2006-08-22 to 2006-09-22 ))))))))))))))))))))))))))))))))))


2006-09-22 17:55 676,081 --a------ C:\deskbar_e11.exe
2006-09-22 17:55 28,672 --a------ C:\WINDOWS\system32\mny.exe
2006-09-22 17:55 20,480 --a------ C:\WINDOWS\system32\sprK.exe
2006-09-21 21:22 578,560 --a------ C:\Installer4.exe
2006-09-21 21:19 52,305 --a------ C:\WINDOWS\Xinstall.exe
2006-09-21 21:19 52,305 --a------ C:\WINDOWS\system32\Xinstall.exe
2006-09-21 21:19 20,480 --a------ C:\WINDOWS\system32\sprT.exe
2006-09-21 21:19 20,480 --a------ C:\WINDOWS\sprT.exe
2006-09-21 21:19 138,862 --a------ C:\WINDOWS\system32\alfa.exe
2006-09-21 21:19 138,862 --a------ C:\WINDOWS\alfa.exe
2006-08-26 12:59 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-22 17:58 -------- d-------- C:\Program Files\NoAdware4
2006-09-21 15:38 -------- d-------- C:\Program Files\Apple Software Update
2006-08-31 18:56 -------- d-------- C:\Program Files\Fraps
2006-08-31 18:45 -------- d-------- C:\Program Files\Windows Journal viewer mikä lie
2006-08-26 12:58 -------- d-------- C:\Program Files\dB PowerAmp
2006-08-21 15:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 12:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 12:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-17 21:05 -------- d-------- C:\Program Files\Bit Lord 1.1
2006-08-17 21:03 -------- d-------- C:\Program Files\bitlord
2006-08-11 08:08 -------- d-------- C:\Program Files\EA Games
2006-08-08 19:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-05 18:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 18:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 18:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 18:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-08-05 09:18 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-08-02 11:30 -------- d-------- C:\Program Files\Power Tab Software
2006-07-31 10:57 -------- d-------- C:\Program Files\filesubmit
2006-07-31 10:48 -------- d-------- C:\Program Files\Slipknot2
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 16:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 19:55 4955 --a------ C:\Program Files\Guitar_Pro_4.zip
2006-07-21 11:28 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-07-08 21:22 4466264 --a------ C:\Program Files\MsgPlusLive-400.exe
2006-06-22 08:17 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 08:17 1438208 --a------ C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"Steam"="\"g:\\pelit\\steam\\steam\\steam.exe\" -silent"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"msnsyslog"="C:\\WINDOWS\\msnappm.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"WService"="WService.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a9,01,00,00,00,00,00,00,57,02,00,00,e1,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a9,01,00,00,00,00,00,00,57,02,00,00,e1,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATI Launchpad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="launchpd"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\ATI Multimedia\\main\\launchpd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"d:\\pelit\\steam\\steam\\steam.exe\" -silent"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: Fri 22.09.2006 19:36:12.71
ComboFix.txt

and the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:38:48, on 22.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WService.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
G:\pelit\steam\steam\steam.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Documents and Settings\Petri\Käynnistä-valikko\Ohjelmat\Käynnistys\iexplore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Petri\Työpöytä\Kaikkea\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Steam] "g:\pelit\steam\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: iexplore.exe
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\System32\Drivers\WTSRV.EXE
AfterDawn Addict
22 September 2006 @ 16:11
Fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - Startup: iexplore.exe

Get KillBox

http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Extract it, open it and tick Delete on Reboot
Then copy the lines below all at once

C:\deskbar_e11.exe
C:\WINDOWS\system32\mny.exe
C:\WINDOWS\system32\sprK.exe
C:\Installer4.exe
C:\WINDOWS\Xinstall.exe
C:\WINDOWS\system32\Xinstall.exe
C:\WINDOWS\system32\sprT.exe
C:\WINDOWS\sprT.exe
C:\WINDOWS\system32\alfa.exe
C:\WINDOWS\alfa.exe
C:\WINDOWS\system32\SpoonUninstall.exe
C:\Documents and Settings\Petri\Käynnistä-valikko\Ohjelmat\Käynnistys\iexplore.exe
C:\WINDOWS\msnappm.exe

Then in KillBox, from the top menu, File > Paste from Clipboard
Select "All Files". Then press Delete (the red button with a white X)
Answer yes to the prompts, and if the machine does not reboot by itself, reboot it.

Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm
Install, update and scan according to the instructions on that page. Then post the "infection results" here (instructions on that page: the bottom image and the text above it).

Post a new HijackThis log as well.

No HJT logs etc. by private message!
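The entries the helper lists above are the line types HijackThis surfaces for this kind of infection: R0/R1 start and search page hijacks, a missing R3 URLSearchHook, and O4 Run/Startup entries. As an added example, not from this thread and not HijackThis's own logic, here is a small Python triage script that parses those line types and applies a few heuristics: an allowlist of start-page hosts, executables launched from the drive root or as a loose file in %WINDIR%, and Startup-folder items named after system binaries. The allowlist, the masquerade list and the heuristics are my assumptions; the sample log is constructed from lines in the log posted in this thread plus two benign entries for contrast.

```python
"""Triage a HijackThis 1.99 log for the line types the helper above tells
the poster to fix: R0/R1 start/search page hijacks, a missing R3
URLSearchHook, and O4 Run/Startup entries. Added example; the heuristics
below are assumptions, not HijackThis's own logic."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: hosts acceptable as an IE start or search page; any other
# http(s) host in an R0/R1 line is reported.
KNOWN_GOOD_HOSTS = {"www.msn.com", "www.microsoft.com", "www.google.com"}
# Assumption: system binary names that do not belong in a Startup folder.
MASQUERADE_NAMES = {"iexplore.exe", "explorer.exe", "svchost.exe", "csrss.exe"}

RE_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
RE_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (.*)$")
RE_R01 = re.compile(r"^R[01] - .*?,([^=]+?) = (.*)$")

# Constructed sample: lines copied from the log posted in this thread plus
# two benign entries (avast!, ctfmon) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e11.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: iexplore.exe
""".strip()


@dataclass
class Finding:
    line: str
    reason: str


def exe_path(cmd: str) -> str:
    """First token of a Run command, unquoted. HijackThis prints root-level
    paths with a doubled backslash, which is collapsed here."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:cmd.find('"', 1)]
    else:
        path = cmd.split(" ", 1)[0]
    return path.replace("\\\\", "\\")


def check_line(line: str):
    """Return a Finding for a suspicious log line, else None."""
    line = line.rstrip()
    m = RE_R01.match(line)
    if m:
        host = urlparse(m.group(2).strip()).hostname
        if host and host not in KNOWN_GOOD_HOSTS:
            return Finding(line, f"IE '{m.group(1).strip()}' points at {host}")
        return None
    if line.startswith("R3 - Default URLSearchHook is missing"):
        return Finding(line, "default URLSearchHook has been removed")
    m = RE_RUN.match(line)
    if m:
        name, path = m.group(2), exe_path(m.group(3))
        if re.fullmatch(r"[A-Za-z]:\\[^\\]+", path):
            return Finding(line, f"Run entry [{name}] launches from the drive root: {path}")
        if re.fullmatch(r"[A-Za-z]:\\WINDOWS\\[^\\]+", path, re.IGNORECASE):
            return Finding(line, f"Run entry [{name}] launches a loose file in %WINDIR%: {path}")
        return None
    m = RE_STARTUP.match(line)
    if m and m.group(1).strip().lower() in MASQUERADE_NAMES:
        return Finding(line, f"Startup item named like a system binary: {m.group(1)}")
    return None


def triage(log_text: str) -> list:
    """All findings for a whole log, in log order."""
    return [f for f in map(check_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

On the constructed sample this reports six lines: both findthewebsiteyouneed.com entries, the missing URLSearchHook, msnappm.exe under C:\WINDOWS, dfndrff_e11.exe in the drive root, and iexplore.exe in the Startup folder, while the avast! and ctfmon entries pass. The %WINDIR% rule is deliberately weak (legitimate files live there too); treat its hits as "look closer", not "delete".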
Newbie
22 September 2006 @ 18:26
OK, so here are eScan's "infection results":

File C:\PROGRA~1\MSNMES~1\msnmsgr.exe infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\alfa.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\WINDOWS\system32\alfa.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\DW3I3NPZ\sprT[1].exe infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\G5EB4T6N\ac3_0010[1].exe infected by "Trojan-Downloader.Win32.Small.cyh" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\G5EB4T6N\alfa[1].exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\WL6BO1AB\loader[1].exe infected by "Trojan-Downloader.Win32.Adload.fp" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\WL6BO1AB\drsmartload45a[1].exe infected by "Trojan-Downloader.Win32.Adload.fq" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\WL6BO1AB\Installer[1].exe tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\SPYJ45YJ\ucmoreiex[1].exe tagged as not-a-virus:AdWare.Win32.Ucmore.e. No Action Taken.
File C:\Documents and Settings\Petri\Työpöytä\turvat\noadware.4.0.serial-rev.ZIP.rar infected by "Trojan-Clicker.Win32.VB.ph" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Petri\Työpöytä\turvat\backups\backup-20060922-201604-319-iexplore.exe infected by "Trojan-Clicker.Win32.VB.ph" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Petri\sprT.exe infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Petri\Xinstall.exe infected by "Trojan-Dropper.Win32.PurityScan.ag" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Petri\alfa.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\Program Files\MSN Messenger\extfix.exe tagged as not-a-virus:RiskTool.Win32.ExtUnlock.a. No Action Taken.
File C:\Program Files\MSN Messenger\Messengerin blockeri pois.zip tagged as not-a-virus:RiskTool.Win32.ExtUnlock.a. No Action Taken.
File C:\Program Files\mIRC\mirc617.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\Program Files\Slipknot\slipknot2.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File C:\Program Files\Slipknot\filesubmit\slipknot2.zip\SetupInst.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
File C:\Program Files\filesubmit\slipknot.zip\SetupInst.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
File C:\Program Files\NoAdware4\patch_.exe infected by "Trojan-Clicker.Win32.VB.ph" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP329\A0103418.exe tagged as not-a-virus:AdWare.Win32.WinAD.i. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104248.exe infected by "Trojan-Downloader.Win32.Adload.fp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104249.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104250.exe infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104251.exe infected by "Trojan-Dropper.Win32.PurityScan.ag" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104341.PIF infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104342.PIF infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104349.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104358.exe infected by "Trojan-Downloader.Win32.Adload.fp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104361.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104380.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104384.exe infected by "Trojan-Downloader.Win32.Adload.fp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104387.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104399.dll tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104415.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104417.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104418.dll tagged as not-a-virus:AdWare.Win32.Softomate.q. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104420.exe infected by "Trojan-Downloader.Win32.Adload.fp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104422.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104430.exe infected by "Trojan-Downloader.Win32.Adload.fk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104432.exe infected by "Trojan-Downloader.Win32.Adload.fq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104433.exe infected by "Trojan-Downloader.Win32.Adload.fq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104434.exe tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104437.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104438.exe infected by "Trojan-Downloader.Win32.Adload.fk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104461.exe infected by "Trojan-Clicker.Win32.VB.ph" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104464.exe tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104467.exe tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104468.exe infected by "Trojan-Dropper.Win32.PurityScan.ag" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104469.exe infected by "Trojan-Dropper.Win32.PurityScan.ag" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104470.exe infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104471.exe infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104472.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104473.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104484.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104487.exe infected by "Trojan-Downloader.Win32.Adload.fp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104488.dll tagged as not-a-virus:AdWare.Win32.Softomate.q. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104493.EXE infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104494.exe infected by "Trojan-Clicker.Win32.VB.ph" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104495.exe infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104496.exe infected by "Trojan-Dropper.Win32.PurityScan.ag" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104501.exe infected by "Trojan-Clicker.Win32.VB.ph" Virus. Action Taken: File Deleted.
File C:\drsmartload.exe infected by "Trojan-Downloader.Win32.Adload.fp" Virus. Action Taken: File Deleted.
File C:\drsmartload45a45a45d.exe infected by "Trojan-Downloader.Win32.Adload.fq" Virus. Action Taken: File Deleted.
File C:\MTE3NDI6ODoxNg.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\ucmoreiex.exe tagged as not-a-virus:AdWare.Win32.Ucmore.e. No Action Taken.
File C:\!KillBox\alfa.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\!KillBox\alfa.exe( 1) tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\!KillBox\sprT.exe infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\!KillBox\sprT.exe( 2) infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\!KillBox\Xinstall.exe infected by "Trojan-Dropper.Win32.PurityScan.ag" Virus. Action Taken: File Deleted.
File C:\!KillBox\Xinstall.exe( 3) infected by "Trojan-Dropper.Win32.PurityScan.ag" Virus. Action Taken: File Deleted.
File C:\!KillBox\Installer4.exe tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\!KillBox\deskbar_e11.exe tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
File G:\Pelit\Steam\Steam\SteamApps\SourceMods\gmod9\data\lua_e\lw\antiv.lua infected by "Virus.Lua.LuaDef.d" Virus. Action Taken: File Renamed.
File G:\Pelit\Steam\Steam\SteamApps\SourceMods\gmod9\lua\init\antiv.lua infected by "Virus.Lua.LuaDef.d" Virus. Action Taken: File Renamed.





and the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 22:24:10, on 22.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\dfndrff_e11.exe
C:\nwnmff_e11.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\kybrdff_e11.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
G:\pelit\steam\steam\steam.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Petri\Työpöytä\turvat\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e11.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e11.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e11.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Steam] "g:\pelit\steam\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\System32\Drivers\WTSRV.EXE

waiting for a quick reply...



A scruffy musician who knows little about computers
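The eScan output above has three line shapes: "infected by ... Action Taken: File Deleted", "infected by ... Action Taken: File Renamed", and "tagged as not-a-virus:... No Action Taken". What matters for the next step is which of the "No Action Taken" files are still live on the file system, as opposed to copies sitting in a System Restore point or in KillBox's own folder. As an added example, not part of the thread and not eScan's code, here is a Python parser for those lines that splits the hits that way; the sample is constructed from a subset of the lines posted above, and the restore-point and quarantine-folder rules are my assumptions.

```python
"""Parse eScan (MWAV) result lines of the kind posted above and sort the
hits into what was removed, what is still on disk, and what only exists
in a System Restore point. Added example, not part of the thread; only
the line formats are taken from the posted output."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

RE_INFECTED = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>[^.]+)\.$')
RE_TAGGED = re.compile(
    r'^File (?P<path>.+?) tagged as (?P<name>not-a-virus:\S+?)\. '
    r'(?P<action>No Action Taken)\.$')

# Constructed sample: a subset of the lines posted above.
SAMPLE = r"""
File C:\PROGRA~1\MSNMES~1\msnmsgr.exe infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\alfa.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\Documents and Settings\Petri\Local Settings\Temporary Internet Files\Content.IE5\G5EB4T6N\ac3_0010[1].exe infected by "Trojan-Downloader.Win32.Small.cyh" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Petri\alfa.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\Program Files\MSN Messenger\extfix.exe tagged as not-a-virus:RiskTool.Win32.ExtUnlock.a. No Action Taken.
File C:\Program Files\Slipknot\slipknot2.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104249.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104250.exe infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\!KillBox\alfa.exe( 1) tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File G:\Pelit\Steam\Steam\SteamApps\SourceMods\gmod9\lua\init\antiv.lua infected by "Virus.Lua.LuaDef.d" Virus. Action Taken: File Renamed.
""".strip()


@dataclass
class Hit:
    path: str
    detection: str
    action: str

    @property
    def in_restore_point(self) -> bool:
        # XP keeps restore-point copies under System Volume Information;
        # they come back on a rollback unless System Restore is purged.
        return "\\System Volume Information\\" in self.path

    @property
    def quarantined(self) -> bool:
        # Assumption: KillBox keeps the files it removed under C:\!KillBox.
        return self.path.upper().startswith("C:\\!KILLBOX\\")

    @property
    def still_present(self) -> bool:
        return self.action == "No Action Taken"


def parse_escan(text: str) -> list:
    """One Hit per recognised result line; unrecognised lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = RE_INFECTED.match(line) or RE_TAGGED.match(line)
        if m:
            hits.append(Hit(m["path"], m["name"], m["action"]))
    return hits


def summary(hits) -> dict:
    """detection name -> Counter of actions taken on it."""
    out = defaultdict(Counter)
    for h in hits:
        out[h.detection][h.action] += 1
    return dict(out)


def leftovers(hits) -> list:
    """Reported files still in place on the live file system: the list a
    helper would turn into the next 'delete these' instruction."""
    return [h.path for h in hits
            if h.still_present and not h.in_restore_point and not h.quarantined]


if __name__ == "__main__":
    hits = parse_escan(SAMPLE)
    for name, actions in summary(hits).items():
        print(name, dict(actions))
    print("still on disk:", *leftovers(hits), sep="\n  ")
```

On the sample the leftover list is the two alfa.exe copies, extfix.exe and slipknot2.exe; the restore-point entries and the C:\!KillBox copy are set aside. Whether a "not-a-virus" RiskTool such as extfix.exe is unwanted is a judgement call for the person reading the list, which is why the script only sorts and never deletes.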
AfterDawn Addict
23 September 2006 @ 08:20
Download Atribune's ATF Cleaner

Instructions:

Double-click ATF-Cleaner.exe to run the program. Under Main, choose: Select All
Click Empty Selected.
If you use Firefox as your browser:
  Click Firefox at the top and choose: Select All
  Click Empty Selected.
  NOTE: If you want to keep your saved passwords, click No when it asks.
If you use Opera as your browser:
  Click Opera at the top and choose: Select All
  Click Empty Selected again.
  NOTE: If you want to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.

Empty -> C:\!KillBox

Delete

C:\WINDOWS\system32\alfa.exe
C:\Documents and Settings\Petri\alfa.exe
C:\Program Files\Slipknot\slipknot2.exe
C:\Program Files\Slipknot\filesubmit\slipknot2.zip
C:\Program Files\filesubmit\slipknot.zip

Empty the Recycle Bin.

Run ComboFix and eScan again. Post their logs and a new HJT log.


No HJT logs etc. by private message!
Newbie
23 September 2006 @ 10:24
I have to say at this point that Avast's warnings about a trojan or virus have now dropped to almost zero. They still appear when starting the machine.

OK, so here is the ComboFix log:

Petri - 06-09-23 12:32:41,81 Service Pack 2
ComboFix 06.09.21 - Running from: "C:\Documents and Settings\Petri\Työpöytä\turvat"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\dfndrff_e11.exe
C:\dfndrff_e12.exe
C:\drsmartload45a45a45e.exe
C:\drsmartload.exe
C:\deskbar.exe
C:\kybrdff_e11.exe
C:\kybrdff_e12.exe
C:\nwnmff_e11.exe
C:\nwnmff_e12.exe
C:\ac3_0010.exe
C:\ucmoreiex.exe
C:\Program Files\ToolBar888
C:\Program Files\Common Files\{387E6850-0781-1035-0210-040507020166}
C:\Program Files\Deskbar


((((((((((((((((((((((((((((((( Files Created from 2006-08-23 to 2006-09-23 ))))))))))))))))))))))))))))))))))


2006-09-23 09:36 25,105 --a------ C:\MTE3NDI6ODoxNgnew.exe
2006-09-23 09:33 667,889 --a------ C:\deskbar_e12.exe
2006-09-22 20:21 28,672 --a------ C:\WINDOWS\system32\mny.exe
2006-09-22 20:21 20,480 --a------ C:\WINDOWS\system32\sprK.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-22 17:58 -------- d-------- C:\Program Files\NoAdware4
2006-09-21 15:38 -------- d-------- C:\Program Files\Apple Software Update
2006-08-31 18:56 -------- d-------- C:\Program Files\Fraps
2006-08-31 18:45 -------- d-------- C:\Program Files\Windows Journal viewer mikä lie
2006-08-26 12:58 -------- d-------- C:\Program Files\dB PowerAmp
2006-08-21 15:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 12:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 12:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-17 21:05 -------- d-------- C:\Program Files\Bit Lord 1.1
2006-08-17 21:03 -------- d-------- C:\Program Files\bitlord
2006-08-11 08:08 -------- d-------- C:\Program Files\EA Games
2006-08-08 19:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-05 18:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 18:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 18:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 18:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-08-05 09:18 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-08-02 11:30 -------- d-------- C:\Program Files\Power Tab Software
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 16:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 19:55 4955 --a------ C:\Program Files\Guitar_Pro_4.zip
2006-07-21 11:28 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-07-08 21:22 4466264 --a------ C:\Program Files\MsgPlusLive-400.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"Steam"="\"g:\\pelit\\steam\\steam\\steam.exe\" -silent"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"WService"="WService.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a9,01,00,00,00,00,00,00,57,02,00,00,e1,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a9,01,00,00,00,00,00,00,57,02,00,00,e1,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATI Launchpad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="launchpd"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\ATI Multimedia\\main\\launchpd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"d:\\pelit\\steam\\steam\\steam.exe\" -silent"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: Sat 23.09.2006 12:34:50.90
ComboFix2.txt
ComboFix.txt



eScan's "malware results":

File C:\Program Files\MSN Messenger\extfix.exe tagged as not-a-virus:RiskTool.Win32.ExtUnlock.a. No Action Taken.
File C:\Program Files\MSN Messenger\Messengerin blockeri pois.zip tagged as not-a-virus:RiskTool.Win32.ExtUnlock.a. No Action Taken.
File C:\Program Files\mIRC\mirc617.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
File C:\Program Files\filesubmit\slipknot.zip\SetupInst.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP329\A0103418.exe tagged as not-a-virus:AdWare.Win32.WinAD.i. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104249.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104349.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104361.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104380.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104387.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104399.dll tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104415.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104417.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104418.dll tagged as not-a-virus:AdWare.Win32.Softomate.q. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104422.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104431.exe infected by "Trojan-Downloader.Win32.Adload.fs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104434.exe tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104464.exe tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104467.exe tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104472.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104473.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104484.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104488.dll tagged as not-a-virus:AdWare.Win32.Softomate.q. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104502.exe infected by "Trojan-Downloader.Win32.Adload.fq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104503.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104504.exe infected by "IM-Worm.Win32.Licat.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104505.exe infected by "Trojan-Dropper.Win32.PurityScan.ag" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104549.exe tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104550.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104551.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104552.exe tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104556.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104557.exe tagged as not-a-virus:AdWare.Win32.Agent.y. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104570.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104571.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104576.exe infected by "Trojan-Downloader.Win32.Adload.fs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104578.exe infected by "Trojan-Downloader.Win32.Adload.fs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104579.exe infected by "Trojan-Downloader.Win32.Small.cyh" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104580.exe tagged as not-a-virus:AdWare.Win32.Ucmore.e. No Action Taken.
File C:\System Volume Information\_restore{3DB4D520-3651-45BA-9402-43AA87449941}\RP336\A0104586.dll tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
File C:\Recycled\Dc1.zip\SetupInst.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
File C:\deskbar_e12.exe tagged as not-a-virus:AdWare.Win32.Softomate.r. No Action Taken.
File C:\MTE3NDI6ODoxNgnew.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.



and the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:23:03, on 23.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WService.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
G:\pelit\steam\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Petri\Työpöytä\turvat\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Steam] "g:\pelit\steam\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\System32\Drivers\WTSRV.EXE



Wretch of a musician, knows little about computers
AfterDawn Addict
23 September 2006 @ 10:33
Yeah, it looks better :)

Fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing


Delete:

C:\Program Files\filesubmit\slipknot.zip
C:\deskbar_e12.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\WINDOWS\system32\mny.exe
C:\WINDOWS\system32\sprK.exe

Empty the Recycle Bin.

Restart.

Run ComboFix again and post its log plus a new HjT log.

No HjT logs etc. by private message!
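As an added illustration of what the helper is doing by hand above (this is not code from the thread, from HijackThis or from ComboFix), the following Python script parses the R0/R1/R3 section of a HijackThis log and flags the browser-hijack entries. The sample log text is the R section of the log posted earlier in this thread; the allowlist of trusted search hosts and the rule that an Internet Explorer "Local Page" should be an absolute path are assumptions chosen so that the script reproduces exactly the nine lines the helper asked to fix.

```python
import re
from dataclasses import dataclass
from typing import List, Set, Tuple
from urllib.parse import urlparse

# Constructed sample: the R-section lines of the HijackThis log posted in this thread.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
"""

# Assumed allowlist: hosts a stock IE install on this machine could legitimately point at.
# Anything else in a search/start-page value is treated as a hijack candidate.
TRUSTED_HOSTS: Set[str] = {"www.msn.com", "search.msn.com", "www.microsoft.com"}

# Every HijackThis entry starts with a section code (R0, O4, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# Assumed heuristic: a legitimate Local Page is an absolute path (C:\...) or a res:// URL.
ABS_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|res://)", re.IGNORECASE)


@dataclass
class HjtEntry:
    code: str   # section code, e.g. R0, R1, R3
    key: str    # hive path + value name (text left of " = "), or the whole body
    value: str  # text right of " = ", or "" when the line has no value


def parse_hjt_log(text: str) -> List[HjtEntry]:
    """Turn the raw log text into entries; headers, process list and blanks are skipped."""
    entries: List[HjtEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key, sep, value = m.group("body").partition(" = ")
        entries.append(HjtEntry(m.group("code"), key.strip(), value.strip() if sep else ""))
    return entries


def flag_browser_hijacks(entries: List[HjtEntry],
                         trusted_hosts: Set[str]) -> List[Tuple[HjtEntry, str]]:
    """Return (entry, reason) pairs for R-section lines that look hijacked."""
    findings: List[Tuple[HjtEntry, str]] = []
    for e in entries:
        if not e.code.startswith("R"):
            continue
        # R3: the default URLSearchHook entry has been removed, a common hijack side effect.
        if e.code == "R3" and "missing" in e.key.lower():
            findings.append((e, "default URLSearchHook entry is missing"))
            continue
        # R0/R1 values that are URLs: compare the host against the allowlist.
        if e.value.lower().startswith(("http://", "https://")):
            host = (urlparse(e.value).hostname or "").lower()
            if host not in trusted_hosts:
                findings.append((e, f"search/start page points at untrusted host {host}"))
            continue
        # Local Page that is not an absolute path was also on the helper's fix list.
        if e.key.endswith(",Local Page") and not ABS_PATH_RE.match(e.value):
            findings.append((e, "Local Page is not an absolute path"))
    return findings


def hijack_hosts(findings: List[Tuple[HjtEntry, str]]) -> Set[str]:
    """Distinct hosts referenced by the flagged URL entries (useful for a blocklist)."""
    return {(urlparse(e.value).hostname or "").lower()
            for e, _ in findings if e.value.lower().startswith(("http://", "https://"))}


if __name__ == "__main__":
    found = flag_browser_hijacks(parse_hjt_log(SAMPLE_HJT_LOG), TRUSTED_HOSTS)
    for entry, reason in found:
        print(f"{entry.code} - {entry.key} = {entry.value}  <- {reason}")
    print("hosts:", sorted(hijack_hosts(found)))
```

The script deliberately leaves the ProxyOverride and LinksFolderName lines alone: neither carries a URL, so on this log they are noise rather than evidence, which matches the helper's list. Against a different log the allowlist is the part to adjust; the parser itself is format-driven and works on any HijackThis 1.99 output.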
Newbie
23 September 2006 @ 10:50
okay, ComboFix:

Petri - 06-09-23 14:48:49,95 Service Pack 2
ComboFix 06.09.21 - Running from: "C:\Documents and Settings\Petri\Työpöytä\turvat"

((((((((((((((((((((((((((((((( Files Created from 2006-08-23 to 2006-09-23 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-22 17:58 -------- d-------- C:\Program Files\NoAdware4
2006-09-21 15:38 -------- d-------- C:\Program Files\Apple Software Update
2006-08-31 18:56 -------- d-------- C:\Program Files\Fraps
2006-08-31 18:45 -------- d-------- C:\Program Files\Windows Journal viewer mikä lie
2006-08-26 12:58 -------- d-------- C:\Program Files\dB PowerAmp
2006-08-21 15:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 12:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 12:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-17 21:05 -------- d-------- C:\Program Files\Bit Lord 1.1
2006-08-17 21:03 -------- d-------- C:\Program Files\bitlord
2006-08-11 08:08 -------- d-------- C:\Program Files\EA Games
2006-08-08 19:53 635520 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-08-05 18:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 18:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 18:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 18:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-08-05 09:18 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-08-02 11:30 -------- d-------- C:\Program Files\Power Tab Software
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 16:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 19:55 4955 --a------ C:\Program Files\Guitar_Pro_4.zip
2006-07-21 11:28 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-07-08 21:22 4466264 --a------ C:\Program Files\MsgPlusLive-400.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"Steam"="\"g:\\pelit\\steam\\steam\\steam.exe\" -silent"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"WService"="WService.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a9,01,00,00,00,00,00,00,57,02,00,00,e1,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a9,01,00,00,00,00,00,00,57,02,00,00,e1,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATI Launchpad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="launchpd"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\ATI Multimedia\\main\\launchpd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"d:\\pelit\\steam\\steam\\steam.exe\" -silent"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: Sat 23.09.2006 14:49:25.43
ComboFix3.txt
ComboFix2.txt
ComboFix.txt


then HjT:

Logfile of HijackThis v1.99.1
Scan saved at 14:50:29, on 23.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WService.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
G:\pelit\steam\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Petri\Työpöytä\turvat\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Steam] "g:\pelit\steam\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Microsoft Office Pikahaku.lnk = C:\Program Files\msaccrt\Access 97\FINDFAST.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\System32\Drivers\WTSRV.EXE



A wreck of a musician who knows little about computers
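Reading a HijackThis log like the one above is mostly a matter of spotting the entries that cannot be taken at face value. The Python script below is an added example for this thread, not part of the original posts or of HijackThis itself: it parses the `Onn - ...` entry format shown above and flags what a helper checks by hand. O4 Run values that start a bare executable (no drive or directory, so Windows finds it by PATH search and the analyst has to locate the file on disk), rundll32 entries that load a DLL without a path, Global Startup shortcuts whose target is `?`, BHOs with `(no name)`, and O23 services with `Unknown owner` or `(file missing)`. The sample input is a constructed subset of the entries in the log above; a flag means "verify", not "malicious".

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis v1.99.1 entries posted above,
# chosen so that every heuristic below is exercised at least once.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: BlueSoleil.lnk = ?
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\System32\Drivers\WTSRV.EXE
"""

# "O4 - body" / "R1 - body": section code, then the entry text.
ENTRY_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.*)$")
# O4 Run values: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    section: str
    reasons: list
    line: str


def parse_entries(text):
    """Yield (section, body, full_line) for every HijackThis entry line."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("sec"), m.group("body"), line


def split_command(command):
    """Split a Run value into (executable, arguments), honouring a quoted first token."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))\s*(.*)$', command)
    return (m.group(1) or m.group(2)), m.group(3)


def has_directory(token):
    """A drive letter or backslash names a location; a bare name is found via PATH search."""
    return "\\" in token or ":" in token


def check_run_command(command):
    """Reasons to verify an O4 Run command, or an empty list if nothing stands out."""
    exe, args = split_command(command)
    if exe.lower() in ("rundll32", "rundll32.exe"):
        # The host is a Windows binary; the DLL it loads (before the first comma) is what matters.
        dll = args.split(",", 1)[0].strip().strip('"')
        return [] if has_directory(dll) else [f"rundll32 loads {dll!r} without a path"]
    if not has_directory(exe):
        return [f"started as bare filename {exe!r}: locate the file before trusting it"]
    return []


def triage(text):
    """Return the entries an analyst should verify by hand, with the reason for each."""
    findings = []
    for sec, body, line in parse_entries(text):
        reasons = []
        if sec == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("BHO with no display name: identify CLSID and DLL")
        elif sec == "O4":
            m = RUN_RE.match(body)
            if m:
                reasons += check_run_command(m.group("cmd"))
            elif body.startswith("Global Startup:") and body.endswith("= ?"):
                reasons.append("startup shortcut whose target could not be resolved")
        elif sec == "O23":
            if "Unknown owner" in body:
                reasons.append("service binary carries no publisher information")
            if "(file missing)" in body:
                reasons.append("reported missing: HijackThis 1.99.1 shows quoted ImagePaths with "
                               "arguments this way, so confirm on disk before acting")
        if reasons:
            findings.append(Finding(sec, reasons, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample it flags seven entries: the unnamed BHO, the `Cmaudio` rundll32 value with a pathless `.cpl`, the bare `nwiz.exe` and `WService.EXE` Run values, the `BlueSoleil.lnk = ?` shortcut, and the two `Unknown owner` services. Entries with a full path to a known vendor binary pass silently; that is deliberate, since the point is to shrink the list the helper has to look up, not to decide for them.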
AfterDawn Addict
23 September 2006 @ 10:58
Looks OK.

Clear System Restore:

1. Right-click My Computer.
2. Select Properties.
3. Select the System Restore tab.
4. Tick "Turn off System Restore".
5. Click Apply.
6. Click OK.
7. Restart the computer.
8. Repeat steps 1-3.
9. Untick "Turn off System Restore".
10. Repeat steps 5 and 6.

Update Java.

Still having problems?

No HJT logs etc. by private message!
Newbie
23 September 2006 @ 11:15
Now it seems to work! BIG THANKS, I don't really understand any of this stuff myself, afterdawn is a great invention. I'll probably still need to switch to better antivirus protection, Avast! apparently didn't do anything about those. But thanks once again!

A wreck of a musician who knows little about computers

AfterDawn Addict
23 September 2006 @ 11:21
Well, the protection doesn't always recognise new bugs right away. You're welcome :)

No HJT logs etc. by private message!
This thread is closed. New posts are not possible.