mIRC problem (there isn't even mIRC on the machine)
reponen
Newbie
4 January 2007 @ 07:55
When the machine starts up, mIRC pops up.. ?
Virus ? Trojan ?
I downloaded BSPlayer from a peer-to-peer network and some junk probably came along with it..
Here's the HjT log:
Logfile of HijackThis v1.99.1
Scan saved at 12:52:02, on 4.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\softreg\svchost.exe
E:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
e:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\Motherboard Monitor 5\MBM5.EXE
E:\Program Files\DAEMON Tools\daemon.exe
E:\program files\creative\AudioHQ\AHQTB.EXE
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
F:\Progs\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: run=C:\WINDOWS\system32\softreg\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - e:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - e:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] e:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [PCI Audio Applications] G:\Drivers\Audio\C-Media\W2K-ME\app\Setup.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MBM 5] "E:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKLM\..\Run: [AudioHQ] e:\program files\creative\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [OutpostFeedBack] e:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\RunServices: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKCU\..\Run: [ezlink] "C:\Program Files\EzLink\ezlink.exe" -service_start -background
O4 - HKCU\..\Run: [µTorrent] "E:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: AntiCrash.lnk = E:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = E:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: HDDlife.lnk = E:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Startup: Outpost Firewall.lnk = E:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O4 - Startup: Zoom.lnk = E:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - e:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
tomato71
Suspended due to non-functional email address
4 January 2007 @ 17:33
Hi!
Move HijackThis.exe into its own folder: C:\HJT\HijackThis.exe
There are two firewalls on the machine; keep only one software firewall on the machine. Remove the other.
1. Download the combofix.exe file to your desktop.
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\Combofix.txt). Post this log in your thread.
Note! Don't click in the ComboFix window while it is running. This may cause the program to hang.
Post a new HjT log and the ComboFix log
reponen
Newbie
4 January 2007 @ 18:12
I removed Agnitum Outpost (with Magic Utilities) probably a couple of months ago and switched to that Jetico.
Something seems to have been left behind.. (I removed that one shortcut, and deleted the Agnitum folder)
Is everything OK now ?
(-edit- I rebooted, and mIRC still tries to start (or rather, it starts when you click the trial-period-OK (or similar) button), but I removed all the settings from mIRC so it can't connect to any undernet.org addresses (which it tries) or anywhere at all)
So here's the HjT log:
Logfile of HijackThis v1.99.1
Scan saved at 23:07:23, on 4.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
e:\program files\creative\AudioHQ\AHQTB.EXE
E:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
E:\Program Files\Motherboard Monitor 5\MBM5.EXE
E:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
e:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\uTorrent\utorrent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: run=C:\WINDOWS\system32\softreg\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - e:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - e:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] e:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [PCI Audio Applications] G:\Drivers\Audio\C-Media\W2K-ME\app\Setup.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MBM 5] "E:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKLM\..\Run: [AudioHQ] e:\program files\creative\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [OutpostFeedBack] e:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\RunServices: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKCU\..\Run: [ezlink] "C:\Program Files\EzLink\ezlink.exe" -service_start -background
O4 - HKCU\..\Run: [µTorrent] "E:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: AntiCrash.lnk = E:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = E:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = E:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
And here's the ComboFix log:
?ss? - 07-01-04 23:05:12,56 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\?ss?"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\taskmgr.com
((((((((((((((((((((((((((((((( Files Created from 2006-12-04 to 2007-01-04 ))))))))))))))))))))))))))))))))))
2007-01-04 22:58 <DIR> d-------- C:\HJT
2007-01-04 21:36 <DIR> d-------- C:\Documents and Settings\?ss?\.housecall6.6
2007-01-01 21:52 64,512 --ah----- C:\Documents and Settings\?ss?\Application Data\dach100.dll
2006-12-31 20:13 <DIR> d-------- C:\WINDOWS\system32\softreg
2006-12-31 20:13 <DIR> d-------- C:\Program Files\Webteh
2006-12-31 20:13 <DIR> d-------- C:\Documents and Settings\?ss?\Application Data\BSplayer Pro
2006-12-27 21:46 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-12-27 21:46 <DIR> d-------- C:\Program Files\ATI Technologies
2006-12-27 21:43 <DIR> d-------- C:\ATI
2006-12-27 21:30 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2006-12-27 21:21 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2006-12-27 21:10 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2006-12-27 21:10 2,829,824 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-12-27 21:09 <DIR> d-------- C:\Program Files\Driver Cleaner Pro
2006-12-27 19:51 <DIR> d-------- C:\Documents and Settings\?ss?\Application Data\atitray
2006-12-27 13:31 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-12-21 12:03 <DIR> d-------- C:\Documents and Settings\?ss?\Application Data\BinarySense
2006-12-20 12:09 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2006-12-20 12:08 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2006-12-20 12:08 248,064 --a------ C:\WINDOWS\UNINST16.EXE
2006-12-15 20:03 <DIR> d-------- C:\Documents and Settings\?ss?\Application Data\Ahead
2006-12-15 19:59 <DIR> d-------- C:\Program Files\Nero
2006-12-10 13:50 <DIR> dr-h----- C:\Documents and Settings\?ss?\Recent
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-04 23:05 -------- d-------- C:\Documents and Settings\?ss?\Application Data\uTorrent
2007-01-04 22:52 64512 --ah----- C:\Documents and Settings\?ss?\Application Data\dach100.dll
2007-01-04 22:51 -------- d-------- C:\Program Files\EzLink
2007-01-04 14:10 -------- d-------- C:\Program Files\Internet Explorer
2007-01-04 14:03 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2007-01-04 13:16 -------- d-------- C:\Documents and Settings\?ss?\Application Data\BSplayer Pro
2007-01-01 01:48 -------- d-------- C:\Documents and Settings\?ss?\Application Data\OpenOffice.org2
2006-12-27 22:01 -------- d---s---- C:\Documents and Settings\?ss?\Application Data\Microsoft
2006-12-27 21:58 -------- d-------- C:\Documents and Settings\?ss?\Application Data\ATI
2006-12-27 21:46 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-27 21:20 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-27 19:51 -------- d-------- C:\Documents and Settings\?ss?\Application Data\atitray
2006-12-21 12:03 -------- d-------- C:\Documents and Settings\?ss?\Application Data\BinarySense
2006-12-19 20:15 -------- d-------- C:\Documents and Settings\?ss?\Application Data\Ahead
2006-12-15 20:04 -------- d-------- C:\Program Files\Common Files\Ahead
2006-12-15 11:18 -------- d-------- C:\Program Files\Outlook Express
2006-12-15 11:18 -------- d-------- C:\Program Files\Common Files\System
2006-12-14 21:55 34304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-12-14 21:55 14848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-12-07 07:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-24 18:12 -------- d-------- C:\Documents and Settings\?ss?\Application Data\Jetico Personal Firewall
2006-11-24 18:09 -------- d-------- C:\Program Files\Jetico
2006-11-24 18:07 -------- d-------- C:\Program Files\Kerio
2006-11-22 21:20 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-22 05:25 261120 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-11-22 05:20 118784 --------- C:\WINDOWS\system32\atipdlxx.dll
2006-11-22 05:20 106496 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-11-22 05:19 90112 --------- C:\WINDOWS\system32\ati2evxx.dll
2006-11-22 05:19 42496 --------- C:\WINDOWS\system32\ati2edxx.dll
2006-11-22 05:19 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-11-22 05:18 430080 --------- C:\WINDOWS\system32\ati2evxx.exe
2006-11-22 05:17 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-11-22 05:12 2526688 --------- C:\WINDOWS\system32\ati3duag.dll
2006-11-22 05:11 5279744 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-11-22 05:08 1090016 --------- C:\WINDOWS\system32\ativvaxx.dll
2006-11-22 04:57 217088 --------- C:\WINDOWS\system32\atikvmag.dll
2006-11-22 04:56 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-11-22 04:51 294912 --------- C:\WINDOWS\system32\ati2cqag.dll
2006-11-22 04:50 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-11-22 04:49 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-11-22 04:21 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-11-21 18:14 -------- d-------- C:\Documents and Settings\?ss?\Application Data\fretsonfire
2006-11-12 22:51 -------- d-------- C:\Program Files\Java
2006-11-08 11:04 -------- d-------- C:\Documents and Settings\?ss?\Application Data\Real
2006-11-08 07:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-08 00:24 -------- d-------- C:\Program Files\Common Files\xing shared
2006-11-08 00:24 -------- d-------- C:\Program Files\Common Files\Real
2006-11-08 00:24 -------- d-------- C:\Program Files\Common Files
2006-11-08 00:23 -------- d-------- C:\Program Files\Real
2006-11-05 18:07 -------- d-------- C:\Documents and Settings\?ss?\Application Data\AdobeUM
2006-10-19 15:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 14:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 14:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 14:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PeerGuardian"=""
"ezlink"="\"C:\\Program Files\\EzLink\\ezlink.exe\" -service_start -background"
"µTorrent"="\"E:\\Program Files\\uTorrent\\utorrent.exe\""
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"DU Meter"="E:\\Program Files\\DU Meter\\DUMeter.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="e:\\Program Files\\Google\\Gmail Notifier\\G001-1.0.25.0\\gnotify.exe"
"PCI Audio Applications"="G:\\Drivers\\Audio\\C-Media\\W2K-ME\\app\\Setup.exe"
"C-Media Mixer"="Mixer.exe /startup"
"Logitech Utility"="Logi_MwX.Exe"
"MBM 5"="\"E:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\""
"DiskeeperSystray"="\"E:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\""
"DAEMON Tools"="\"e:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Microsoft M.S.N. Services"="msnmm.exe"
"AudioHQ"="e:\\program files\\creative\\AudioHQ\\AHQTB.EXE"
"OutpostFeedBack"="e:\\Program Files\\Agnitum\\Outpost Firewall\\feedback.exe /dump:os_startup"
"JeticoPFStartup"="\"C:\\Program Files\\Jetico\\Jetico Personal Firewall\\fwsrv.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft M.S.N. Services"="msnmm.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,01,00,00,9a,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,01,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001
"NoInstrumentation"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000000
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\MICROS~1\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"E:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="feedback"
"hkey"="HKLM"
"command"="E:\\Program Files\\Agnitum\\Outpost Firewall\\feedback.exe /dump:os_startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 07-01-04 23:06:11.78
C:\ComboFix.txt ... 07-01-04 23:06
"uncomfortable ?
how nice !"
Message was edited after posting. Last edit 4 January 2007 @ 18:28
reponen
Newbie
4 January 2007 @ 18:58
And the internet connection seems to drop about 15 min after restarting the machine ?
And it then cuts in and out, on/off, for a few seconds at a time ?
Is the ISP the cause of this ?
This is starting to get annoying. :D
Thanks in advance for all the advice !
tomato71
Suspended due to non-functional email address
5 January 2007 @ 06:45
Hi!
That mIRC that has been haunting you is a so-called backdoor critter. It would be a good idea to change
all usernames and passwords. If you use online banking or a credit card online, you should keep an eye on the statements and contact the bank / credit card company
Do a new HjT scan: Do a System scan only
Close all other windows and the browser. Check these lines and press Fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: run=C:\WINDOWS\system32\softreg\svchost.exe
O4 - HKLM\..\Run: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKLM\..\Run: [OutpostFeedBack] e:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\RunServices: [Microsoft M.S.N. Services] msnmm.exe
1. Click the Start button and choose Control Panel.
2. Choose "Folder Options".
3. Go to the "View" tab.
4. On the View tab, under "Hidden files and folders", select "Show hidden files and folders".
Then:
- Restart the computer
- When you hear the computer beep, press F8, before the Windows logo appears
- A menu should then appear
- Choose Safe Mode from the menu.
Delete the following folders: C:\WINDOWS\system32\softreg\
e:\Program Files\Agnitum
Then use the Windows "Search" function.
Start menu "Search"
->More advanced options
->Tick the following:
-Search system folders
-Search hidden files and folders
-Search subfolders
->Search term: msnmm.exe
Delete it if found
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Boot the computer into Safe Mode
- Double-click drweb-cureit.exe and let it do an express scan
- It scans the running programs and, if it finds something, click Yes when it asks whether you want to remove it. This is only a short scan.
- When the scan is finished, check the drives you want to scan.
- Select all drives. A red dot shows which drives are selected.
- Click the green arrow on the right and the scan starts.
- Click 'Yes to all' if you are asked whether you want to delete/move a file.
- When the scan is finished, see whether you can click the "next" icon next to the files it found:
- If you can, click it, then click the "next" icon at the bottom right and choose Move incurable, as in the picture below:

This moves it to the %userprofile%\DoctorWeb\quarantine directory.
- After that, click File in the Dr.Web CureIt menu and choose Save report
- Save the report to the desktop. The report is named DrWeb.csv
- Close Dr.Web CureIt.
- Restart the computer!! This is so that files that are in use get deleted/moved during startup.
- After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.
Post a new HjT log and the DrWeb log
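The lines tomato71 picks out for "Fix checked" are recognisable by a few generic warning signs rather than by the specific names: a core Windows binary name (svchost.exe) running from a directory other than system32, the legacy win.ini "run=" hook being set, an entry in the Win9x-era RunServices key, and a Microsoft-sounding label pointing at a bare file name with no path. The script below is an added example (not code from this thread, from HijackThis or from Dr.Web) that applies exactly those checks to HijackThis log lines; the sample log is assembled from lines quoted in this thread, mixed with benign entries, and the reason strings and heuristics are the editor's own.

```python
"""Triage a HijackThis (HjT) log for the warning signs discussed in this thread.

Added example, not code from the thread or from HijackThis itself.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


# Constructed sample: lines copied from the HijackThis logs quoted in this thread,
# with benign entries mixed in so the filter has something to let through.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\softreg\svchost.exe
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: run=C:\WINDOWS\system32\softreg\svchost.exe
O4 - HKLM\..\Run: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKLM\..\Run: [OutpostFeedBack] e:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\RunServices: [Microsoft M.S.N. Services] msnmm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [µTorrent] "E:\Program Files\uTorrent\utorrent.exe"
""".strip()

# Binaries Windows loads only from %SystemRoot%\system32; the same name anywhere
# else (here system32\softreg\svchost.exe) is a process masquerading as the system.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                   "csrss.exe", "smss.exe"}
SYSTEM32_DIR = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)

HJT_ENTRY = re.compile(r"^[A-Z]\d* - ")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: run=(?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)(?:"|\s|$)', re.IGNORECASE)
DECEPTIVE_LABEL = re.compile(r"microsoft|windows|m\.s\.n", re.IGNORECASE)


def executable_of(cmd: str) -> str:
    """Program part of a Run command, without surrounding quotes or arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip()


def check_path(path: str) -> Optional[str]:
    """Reason string when a core Windows binary name runs from outside system32."""
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_BINARIES and not SYSTEM32_DIR.match(path):
        return name + " outside %SystemRoot%\\system32 (masquerading as a system process)"
    return None


def triage(log: str) -> List[Finding]:
    """One Finding per (line, reason) for the suspicious lines of an HjT log."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and not HJT_ENTRY.match(line):
            # Process list: only the wrong-directory check applies to a bare path.
            reason = check_path(line)
            if reason:
                findings.append(Finding(line, reason))
            continue
        in_processes = False

        m = F3_RE.match(line)
        if m:
            findings.append(Finding(line, "win.ini run= hook is set; this legacy start-up "
                                          "mechanism is almost never used by legitimate software on XP"))
            reason = check_path(executable_of(m.group("cmd")))
            if reason:
                findings.append(Finding(line, reason))
            continue

        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if m.group("key").lower().startswith("runservices"):
                findings.append(Finding(line, "RunServices key: ignored by NT-family Windows, "
                                              "written almost only by malware"))
            if "\\" not in exe and DECEPTIVE_LABEL.search(m.group("label")):
                findings.append(Finding(line, "vendor-style label but a bare file name with no path; "
                                              "Windows resolves it via the search path, hiding the real location"))
            reason = check_path(exe)
            if reason:
                findings.append(Finding(line, reason))
    return findings


def flagged_lines(findings: List[Finding]) -> Set[str]:
    return {f.line for f in findings}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample, the script flags the softreg\svchost.exe process, the F3 win.ini hook, and both msnmm.exe entries, and passes the AntiVir and µTorrent lines. It does not flag the OutpostFeedBack entry: that one is only suspicious because the machine runs Jetico rather than Outpost, which is knowledge of the environment that a pattern check cannot have, and is the reason a human reader of the log still matters.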
reponen
Newbie
5 January 2007 @ 12:25
mIRC no longer pops up at startup.
Thanks for the help so far.
Here is the HjT log:
Logfile of HijackThis v1.99.1
Scan saved at 17:20:47, on 5.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
e:\program files\creative\AudioHQ\AHQTB.EXE
E:\Program Files\DU Meter\DUMeter.exe
E:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
e:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\Motherboard Monitor 5\MBM5.EXE
E:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Integrator.exe
E:\Program Files\Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HJT\HijackThis_v1.99.1.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - e:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - e:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] e:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [PCI Audio Applications] G:\Drivers\Audio\C-Media\W2K-ME\app\Setup.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MBM 5] "E:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AudioHQ] e:\program files\creative\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [µTorrent] "E:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: AntiCrash.lnk = E:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = E:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = E:\Program Files\Dachshund Software\Zoom\Zoom.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{182AE1D0-8976-496A-8515-FA5D2B49657D}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
---------------------------------------------------------------
And here is the Dr.Web log:
Gta2.exe D:\Pelit\UUSI\CRAPOLI\GTA.2 BackDoor.Noknok.50 Deleted.
revolt_nocd.exe D:\Pelit\UUSI\CRAPOLI\Re-Volt-BACKLASH\REVOLT.NO-CD.PATCH Tool.GameCrack Incurable.Moved.
A0107781.exe D:\System Volume Information\_restore{CBA37D18-734B-480A-BBBB-191E137BBB2C}\RP633 BackDoor.Noknok.50 Deleted.
EZLINK.EXE C:\Program Files\EzLink Probably BACKDOOR.Trojan
A0107745.exe C:\System Volume Information\_restore{CBA37D18-734B-480A-BBBB-191E137BBB2C}\RP633 Program.mIRC.617 Incurable.Moved.
A0107803.EXE C:\System Volume Information\_restore{CBA37D18-734B-480A-BBBB-191E137BBB2C}\RP633 Probably BACKDOOR.Trojan Incurable.Moved.
tomato71
Suspended due to non-functional email address
5 January 2007 @ 15:11
The log is clean; DrWeb removed the last of the pests and a bit more besides.
If that Ezlink.exe is part of some important program, it can be restored
from here --> My Computer --> C: drive --> Documents and Settings --> the folder named after your user account --> DoctorWeb --> Quarantine
reponen
Newbie
5 January 2007 @ 15:14
I removed that Ezlink entirely anyway. (A LAN player for the DVD player or something like that.)
Thanks!
tomato71
Suspended due to non-functional email address
5 January 2007 @ 15:37
You're welcome :)
devol
Newbie
10 January 2007 @ 18:40
Thanks for the good instructions... Norton, Ad-Aware and Spybot couldn't do anything about this malware!
I didn't have these to begin with, though:
the Agnitum folder
msnmm.exe
Ezlink.exe
Nor these in the registry:
-O4 - HKLM\..\Run: [Microsoft M.S.N. Services] msnmm.exe
-O4 - HKLM\..\Run: [OutpostFeedBack] e:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
-O4 - HKLM\..\RunServices: [Microsoft M.S.N. Services] msnmm.exe
My own machine seems to be clean now too... :)
tomato71
Suspended due to non-functional email address
11 January 2007 @ 06:26
@devol
These HjT logs don't really work that way. Every machine produces a different-looking
log, and those viruses usually make up completely random names for themselves.
If you suspect a virus, take an HjT log and open your own thread, and someone will probably look into it. :)