Malware removal -- apparently some leftovers remained
KIA
Junior Member
5 November 2006 @ 06:04
So for the past couple of weeks I've been bothered by a downloader trojan problem, which Sonera's security software (F-Secure) detects but didn't remove for good, even though it gave the impression it had. Restarting the browser, Explorer, popped up ad spam again.
By googling I found information about a suspicious program called ipwin, which was on the machine. It was said to be one of these malware programs. I found it and a program named Toolbar888 in XP's Add/Remove Programs. I removed both through there. As far as I remember, I haven't had any more Explorer ad spam since.
But now the following problem still bothers me. When I start the computer and log on to my own account, I get this message:
"Update.exe - Component not found
The application failed to start because services.dll was not found. Reinstalling the application may fix the problem."
In the registry I found an Update.exe program of that kind, which may be the same one. That is, there is this in HKLM\Software\Microsoft\Windows\Current version\Run "C:\windows\UpdReg.exe"
Along with that Update error message I always get a notice from Firefox that the previous session was interrupted unexpectedly or something like that, even when that's not the case.
I have run a HijackThis log. Does this sound like something where it's worth posting that log here?
AfterDawn Addict
5 November 2006 @ 07:37
Yes, it does :)
No HjT logs etc. by private message!
KIA
Junior Member
5 November 2006 @ 08:57
OK. Here's the listing I got:
Logfile of HijackThis v1.99.1
Scan saved at 10:52:22, on 5.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva2\backweb\4436233\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva2\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva2\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva2\Common\FCH32.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sonera Tietoturva2\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsrw.exe
C:\Program Files\Sonera Tietoturva2\FWES\Program\fsdfwd.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hiiret ja Ohjaimet\Scansoft\Omni\opware32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Multimedia\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Multimedia\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonera Tietoturva2\Common\FSM32.EXE
C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
C:\Program Files\Sonera Tietoturva2\FSGUI\ispnews.exe
C:\Program Files\Sonera Tietoturva2\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Multimedia\iTunes\iTunesHelper.exe
C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerhid.exe
C:\Program Files\Multimedia\iPod\bin\iPodService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\{3C6C1D88-0BC6-1035-0108-040401210166}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hyoty\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Sonera Tietoturva2\backweb\4436233\Program\fspex.exe
C:\Program Files\Hiiret ja Ohjaimet\RazerII\razertra.exe
C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerofa.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Tiedostot\Common Zip\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Hyoty\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\Hiiret ja Ohjaimet\Scansoft\Omni\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Multimedia\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Multimedia\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva2\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva2\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva2\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva2\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Multimedia\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [razer] C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerhid.exe
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerhid.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Hyoty\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\Sonera Tietoturva2\backweb\4436233\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva2\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva2\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva2\Anti-Spyware\ieshield.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.uku.fi:20...s/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://avustaja.sonera.fi/sdccommon/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1134167571625
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva2\backweb\4436233\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva2\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva2\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\Multimedia\iPod\bin\iPodService.exe
O23 - Service: Ql1pateser - Sonic Solutions - (no file)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
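The log above is where a helper would look for what the partial removal left behind: the `Update.exe` process running from a GUID-named folder under `Common Files`, and the `Ql1pateser` service whose file is gone. The following Python script is an added example, not part of the thread or of HijackThis; it parses HijackThis 1.99-style lines and flags three things: a process or autostart target inside a GUID-named directory, an autostart entry given as a bare filename (resolved through the search path at logon, so its real location has to be confirmed separately), and a service registration with `(no file)`. The sample lines are copied from the log posted above; the heuristics and their tags are this example's own choices, and a hit is a review item, not a verdict.

```python
"""Triage a HijackThis 1.99-style log for leftovers of a partial malware removal.

Added example, not part of the original thread or of HijackThis/ComboFix.
The sample lines are copied from the first log posted in the thread; the
heuristics (GUID-named folder, bare-filename autostart, service with no file)
and their tags are this example's own choices. A hit is a review item, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Windows absolute path, as used in the "Running processes" section.
ABS_PATH = re.compile(r"^[A-Za-z]:\\")
# A path component that is a bare GUID, e.g. \{3C6C1D88-0BC6-1035-0108-040401210166}\
GUID_DIR = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\")
# O4 registry Run entries: O4 - HKLM\..\Run: [name] command
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 services: O23 - Service: name - owner - path
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Leading executable of an unquoted command line (stops at the first .exe/.com/... token).
EXE_PREFIX = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


@dataclass
class Finding:
    kind: str      # which heuristic fired
    evidence: str  # the log line that triggered it


def command_target(cmd: str) -> str:
    """Return the executable path from an O4 command string, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_PREFIX.match(cmd)
    return m.group(1) if m else cmd


def triage(log_text: str) -> list[Finding]:
    """Scan a HijackThis log and return review items for leftover-looking entries."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ABS_PATH.match(line):                       # "Running processes" section
            if GUID_DIR.search(line):
                findings.append(Finding("process-from-guid-dir", line))
            continue
        m = O4_RUN.match(line)
        if m:
            target = command_target(m["cmd"])
            if GUID_DIR.search(target):
                findings.append(Finding("autostart-from-guid-dir", line))
            elif not ABS_PATH.match(target):
                # Resolved through the search path at logon; location must be confirmed.
                findings.append(Finding("autostart-bare-filename", line))
            continue
        m = O23_SVC.match(line)
        if m and m["path"].strip() == "(no file)":
            # Service still registered, binary already gone: orphaned registration.
            findings.append(Finding("service-no-file", line))
    return findings


# Excerpt of the first HijackThis log posted in the thread (sample input).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\{3C6C1D88-0BC6-1035-0108-040401210166}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\Multimedia\iPod\bin\iPodService.exe
O23 - Service: Ql1pateser - Sonic Solutions - (no file)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.evidence}")
```

Run as-is it reports four items for the excerpt: the `Update.exe` process, the two bare-filename autostarts (`Logi_MwX.Exe`, `CTHELPER.EXE`) and the `Ql1pateser` service. The bare-filename hits belong to ordinary Logitech and Creative components, which is the point of the tool: it shortens the list, and the analyst still confirms each target's location and publisher before deciding anything. To triage a full log, call `triage(open(path).read())`.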
AfterDawn Addict
5 November 2006 @ 09:36
1. Download the combofix.exe file to your desktop.
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool finishes, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Also post a new HjT log.
KIA
Junior Member
5 November 2006 @ 11:47
Here is the ComboFix log:
Antti Hyvärinen - 06-11-05 16:43:00,10 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Antti Hyvärinen\Työpöytä"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Inetget2
C:\Program Files\Common Files\{3C6C1D88-0BC6-1035-0108-040401210166}
((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))
2006-11-02 17:39 153,144 --a------ C:\ewido_micro.exe
2006-10-13 12:38 52,224 --a------ C:\WINDOWS\system32\Crypserv.exe
2006-10-13 12:38 27,648 -ra------ C:\WINDOWS\Setup_ck.exe
2006-10-13 12:38 24,608 --a------ C:\WINDOWS\system32\Ckldrv.sys
2006-10-13 12:38 18,432 --a------ C:\WINDOWS\Setup_ck.dll
2006-10-13 12:38 165,888 --a------ C:\WINDOWS\Ckconfig.exe
2006-10-13 12:38 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
2006-10-11 18:01 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2006-10-11 18:01 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2006-10-11 18:01 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2006-10-11 18:01 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2006-10-11 18:01 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2006-10-11 18:01 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2006-10-07 15:01 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-07 15:01 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-07 15:01 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-05 16:43 -------- d-------- C:\Program Files\Common Files
2006-11-05 11:11 -------- d-------- C:\Program Files\Tietoturva
2006-11-02 19:07 -------- d-------- C:\Program Files\Internet
2006-10-30 22:11 -------- d-------- C:\Program Files\DATA 4.0
2006-10-30 22:11 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-26 17:10 -------- d-------- C:\Program Files\Xinox Software
2006-10-26 16:56 -------- d-------- C:\Program Files\Java
2006-10-26 16:55 -------- d-------- C:\Program Files\netbeans-5.0
2006-10-26 16:51 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-21 19:07 434320 --a------ C:\Documents and Settings\Antti Hyvärinen\Application Data\NMM-MetaData.db
2006-10-15 17:06 -------- d-------- C:\Documents and Settings\Antti Hyvärinen\Application Data\Adobe
2006-10-15 14:06 -------- d-------- C:\Documents and Settings\Antti Hyvärinen\Application Data\Datalayer
2006-10-14 15:22 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 19:07 -------- d-------- C:\Program Files\Sonera
2006-10-13 12:38 -------- d-------- C:\Program Files\Common Files\TreeAge
2006-10-13 07:57 -------- d-------- C:\Program Files\WIDCOMM
2006-10-13 07:41 -------- d-------- C:\Program Files\Hyoty
2006-10-11 18:11 -------- d-------- C:\Documents and Settings\Antti Hyvärinen\Application Data\Nokia
2006-10-11 18:02 -------- d-------- C:\Program Files\DIFX
2006-10-11 18:02 -------- d-------- C:\Program Files\Common Files\PCSuite
2006-10-11 18:02 -------- d-------- C:\Program Files\Common Files\Nokia
2006-10-11 18:01 -------- d-------- C:\Program Files\Nokia
2006-10-11 15:59 -------- d---s---- C:\Documents and Settings\Antti Hyvärinen\Application Data\Microsoft
2006-10-07 15:16 -------- d-------- C:\Documents and Settings\Antti Hyvärinen\Application Data\DivX
2006-10-07 15:01 -------- d-------- C:\Program Files\DivX
2006-10-07 14:32 -------- d-------- C:\Program Files\AviSynth 2.5
2006-10-03 21:03 -------- d-------- C:\Documents and Settings\Antti Hyvärinen\Application Data\TrueCrypt
2006-10-02 21:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 21:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 21:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 21:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-10-01 11:13 -------- d-------- C:\Documents and Settings\Antti Hyvärinen\Application Data\Canon
2006-09-24 13:19 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-24 13:09 -------- d-------- C:\Program Files\Hiiret ja Ohjaimet
2006-09-24 12:23 -------- d-------- C:\Program Files\The All-Seeing Eye
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-09 15:45 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-09 09:41 -------- d-------- C:\Program Files\3D_Modeling
2006-08-25 17:49 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 01:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 01:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"=""
"Spamihilator"="\"C:\\Program Files\\Tietoturva\\Spamihilator\\spamihilator.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"Omnipage"="C:\\Program Files\\Hiiret ja Ohjaimet\\Scansoft\\Omni\\opware32.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"CTHelper"="CTHELPER.EXE"
"CTSysVol"="C:\\Program Files\\Multimedia\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTDVDDet"="C:\\Program Files\\Multimedia\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"F-Secure Manager"="\"C:\\Program Files\\Sonera Tietoturva2\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Sonera Tietoturva2\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Sonera Tietoturva2\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\Sonera Tietoturva2\\FSGUI\\ispnews.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"iTunesHelper"="\"C:\\Program Files\\Multimedia\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"razer"="C:\\Program Files\\Hiiret ja Ohjaimet\\RazerII\\razerhid.exe"
"Copperhead"="C:\\Program Files\\Hiiret ja Ohjaimet\\RazerII\\razerhid.exe"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,2e,02,00,00,b7,00,00,00,90,00,00,00,70,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-05 16:43:49.75
C:\ComboFix.txt ... 06-11-05 16:43
=========================================================
And here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:46:21, on 5.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva2\backweb\4436233\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva2\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva2\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sonera Tietoturva2\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva2\Common\FAMEH32.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsrw.exe
C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsav32.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Sonera Tietoturva2\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hiiret ja Ohjaimet\Scansoft\Omni\opware32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Multimedia\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Multimedia\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sonera Tietoturva2\Common\FSM32.EXE
C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
C:\Program Files\Sonera Tietoturva2\FSGUI\ispnews.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Multimedia\iTunes\iTunesHelper.exe
C:\Program Files\Sonera Tietoturva2\FSGUI\fsguidll.exe
C:\Program Files\Multimedia\iPod\bin\iPodService.exe
C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerhid.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Tietoturva\Spamihilator\spamihilator.exe
C:\Program Files\Hiiret ja Ohjaimet\RazerII\razertra.exe
C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerofa.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sonera Tietoturva2\backweb\4436233\Program\fspex.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Tiedostot\Common Zip\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Hyoty\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\Hiiret ja Ohjaimet\Scansoft\Omni\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Multimedia\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Multimedia\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva2\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva2\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva2\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva2\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Multimedia\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [razer] C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerhid.exe
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Hiiret ja Ohjaimet\RazerII\razerhid.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Tietoturva\Spamihilator\spamihilator.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Hyoty\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\Sonera Tietoturva2\backweb\4436233\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva2\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva2\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva2\Anti-Spyware\ieshield.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.uku.fi:20...s/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://avustaja.sonera.fi/sdccommon/download/tgctlcm.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1134167571625
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva2\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva2\backweb\4436233\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva2\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva2\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\Multimedia\iPod\bin\iPodService.exe
O23 - Service: Ql1pateser - Sonic Solutions - (no file)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
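The two logs above show why the logon error stopped: ComboFix's "Other Deletions" removed the `{3C6C1D88-...}` folder under `Common Files`, and the `Update.exe` that the first HijackThis log listed as running from that folder is absent from the second. The following Python script is an added example, not part of the thread or of ComboFix or HijackThis; it parses ComboFix's section headers, diffs the "Running processes" lists of a before and an after HijackThis log, and ties each deleted path to the processes that ran from under it and are now gone. The three inputs are excerpts copied from the logs posted above (constructed sample input); the section-header pattern is this example's assumption about ComboFix's layout.

```python
"""Tie a ComboFix 'Other Deletions' list to the processes that vanished between
two HijackThis logs, to explain a startup error that stopped after cleanup.

Added example, not part of the original thread or of ComboFix/HijackThis.
The inputs are excerpts copied from the logs posted in the thread (sample input);
the section-header pattern is this example's assumption about ComboFix's layout.
"""
from __future__ import annotations

import re

# ComboFix wraps section titles in long runs of parentheses.
SECTION = re.compile(r"^\(+ (.+?) \)+$")
ABS_PATH = re.compile(r"^[A-Za-z]:\\")


def combofix_sections(text: str) -> dict[str, list[str]]:
    """Split a ComboFix log into {section title: [non-empty lines]}."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def running_processes(hjt_text: str) -> set[str]:
    """Return the 'Running processes' paths of a HijackThis log, case-folded
    (Windows paths are case-insensitive; HJT itself mixes System32/system32)."""
    procs: set[str] = set()
    in_section = False
    for raw in hjt_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section and ABS_PATH.match(line):
            procs.add(line.lower())
        elif in_section and line:
            break            # first non-path line (R0/O2/...) ends the section
    return procs


def explain_deletions(combofix_text: str, hjt_before: str, hjt_after: str) -> dict:
    """Diff before/after process lists and map each deleted path to the
    processes that ran from underneath it and are no longer present."""
    deleted = combofix_sections(combofix_text).get("Other Deletions", [])
    before, after = running_processes(hjt_before), running_processes(hjt_after)
    gone, new = before - after, after - before
    linked: dict[str, list[str]] = {}
    for path in deleted:
        prefix = path.rstrip("\\").lower() + "\\"
        linked[path] = sorted(p for p in gone if p.startswith(prefix))
    return {"deleted": deleted, "linked": linked, "gone": sorted(gone), "new": sorted(new)}


# Excerpts of the logs posted in the thread (sample input).
COMBOFIX = r"""
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Inetget2
C:\Program Files\Common Files\{3C6C1D88-0BC6-1035-0108-040401210166}
((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))
2006-11-02 17:39 153,144 --a------ C:\ewido_micro.exe
"""

HJT_BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\{3C6C1D88-0BC6-1035-0108-040401210166}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
"""

HJT_AFTER = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tietoturva\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
"""

if __name__ == "__main__":
    report = explain_deletions(COMBOFIX, HJT_BEFORE, HJT_AFTER)
    for path, procs in report["linked"].items():
        print(f"deleted {path}")
        for p in procs:
            print(f"    ran from here before, gone after: {p}")
    print("new processes after:", *report["new"], sep="\n    ")
```

On the excerpts, the deleted `Common Files\{3C6C1D88-...}` folder links to the `Update.exe` that disappeared, while `Inetget2` links to nothing that was running; the processes new in the second log (Spamihilator, Notepad) are ordinary activity, not cleanup side effects. The same correlation is the check to run whenever a vague "file not found" error at logon goes away after a cleanup tool: the error came from an autostart whose program or dependency had already been removed, and the tool deleted what was left of it.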
AfterDawn Addict
5 November 2006 @ 12:29
Looks OK. Any more problems?
KIA
Junior Member
5 November 2006 @ 12:33
Quote, original post by -kemisti-: Looks OK. Any more problems?
Well, just now on reboot I no longer got that update.exe complaint about the missing services.dll.
So apparently ComboFix fixed something... Out of curiosity I'll still ask, was that updreg.exe some virus or the like?
Thanks for the help in any case!!
AfterDawn Addict
5 November 2006 @ 12:38