popuppeja satelee

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

keskiviikko 12.11.2025 / 09:04

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat > popuppeja satelee

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

popuppeja satelee

Siirry:

Kirjoittaja

Viesti

NHK

Newbie

17. toukokuuta 2007 @ 17:51

Linkki tähän viestiin

Poistin koneeltani äskettäin RETADPU173:sen käyttämällä Prevx1:stä

Pop-uppeja tulee vieläkin enkä löydää mitään käyttämällä Norman virusscannia ja Ad-Awarea. Löytyisikö täältä apua? Tässä olisi HjT-loki

Logfile of HijackThis v1.99.1
Scan saved at 21:50:28, on 17.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Diablo II\D2Loader.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Mikko\Työpöytä\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V13\ATLIECP.DLL
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V13\ATLIECP.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Translate with ATLAS - C:\Program Files\ATLAS V13\Atlscript.html
O8 - Extra context menu item: ATLAS Translation &Editor - C:\Program Files\ATLAS V13\AtlscriptEdit.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLAS V13\Atlscript.html
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B92ED4F-1BDD-4EE4-BDD1-CD4B65553AAA}: NameServer = 193.229.0.40,193.229.0.42
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B92ED4F-1BDD-4EE4-BDD1-CD4B65553AAA}: NameServer = 193.229.0.40,193.229.0.42
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

[ + lainaa]

Auttaja

Suspended permanently

17. toukokuuta 2007 @ 18:45

Linkki tähän viestiin

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

[ + lainaa]

Don´t send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5)Hijackthis login lähettämisohjeet (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For exampe MSG+ is there. Another list

NHK

Newbie

18. toukokuuta 2007 @ 16:21

Linkki tähän viestiin

Tässä olisi combofixin loki. Pop-uppeja ei kuitenkaan tule enää, kuulin tuttavalta AVG:sta ja scannasin sillä koneen. Mutta tässä tämä logi kumminkin-->

Lainaus:
"Mikko" - 2007-05-18 19:58:37 Service Pack 2
ComboFix 07-05.17.6.V - Running from: "C:\Documents and Settings\Mikko\Ty?p?yt?\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\vbzip11.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\Program Files\inetget2
C:\Temp\tn3

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CORE
-------\core

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-18 ))))))))))))))))))))))))))))))))))

2007-05-17 22:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-16 07:05 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2007-05-16 07:05 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2007-05-15 23:48 <KANSIO> d-------- C:\Program Files\Greatis
2007-05-15 23:33 77,312 --a------ C:\WINDOWS\ua2.dll
2007-05-13 22:49 <KANSIO> d-------- C:\DOCUME~1\Mikko\APPLIC~1\MusicIP
2007-05-13 22:47 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-05-13 19:25 <KANSIO> d-------- C:\DOCUME~1\Mikko\APPLIC~1\Ahead
2007-05-13 19:23 <KANSIO> d-------- C:\Program Files\Nero
2007-05-13 19:23 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
2007-05-12 23:59 <KANSIO> d-------- C:\Program Files\Penumbra
2007-05-12 17:35 <KANSIO> d-------- C:\Program Files\PowerISO
2007-05-07 07:40 <KANSIO> d-------- C:\DOCUME~1\LOCALS~1\K?ynnist?-valikko
2007-05-07 07:36 18,488 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2007-05-03 11:55 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-03 11:02 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-05-03 10:50 <KANSIO> d-------- C:\Program Files\Sierra
2007-05-01 17:25 <KANSIO> d-------- C:\WINDOWS\ShellNew
2007-05-01 17:25 <KANSIO> d-------- C:\Program Files\AutoIt3
2007-05-01 16:52 <KANSIO> d-------- C:\temp
2007-05-01 16:43 <KANSIO> d-------- C:\WINDOWS\mm.BOT
2007-05-01 16:43 <KANSIO> d-------- C:\Program Files\mm.BOT
2007-04-30 21:25 <KANSIO> d-------- C:\Program Files\FLVPlayer
2007-04-25 19:08 <KANSIO> d-------- C:\WINDOWS\vbSkinner
2007-04-24 19:41 <KANSIO> d-------- C:\Program Files\Knight Online
2007-04-21 15:13 <KANSIO> d-------- C:\Program Files\HyperJoin

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-18 16:23:46 -------- d-----w C:\Program Files\StepMania
2007-05-18 16:21:11 -------- d-----w C:\Program Files\Diablo II
2007-05-18 09:40:22 -------- d-----w C:\DOCUME~1\Mikko\APPLIC~1\uTorrent
2007-05-17 13:51:19 -------- d-----w C:\Program Files\SwiftSwitch
2007-05-16 12:39:55 -------- d-----w C:\Program Files\uTorrent
2007-05-15 11:48:37 -------- d-----w C:\Program Files\Combined Community Codec Pack
2007-05-13 19:49:18 -------- d-----w C:\Program Files\Winamp
2007-05-12 15:12:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-12 14:45:28 -------- d-----w C:\Program Files\Bethesda Softworks
2007-05-10 07:36:46 -------- d-----w C:\Program Files\mIRC
2007-05-07 15:23:18 36,798 ----a-w C:\WINDOWS\DIIUnin.dat
2007-05-03 07:48:32 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-25 17:16:25 -------- d-----w C:\DOCUME~1\Mikko\APPLIC~1\Azureus
2007-04-10 09:21:07 -------- d-----w C:\Program Files\Steam
2007-04-09 16:16:36 -------- d-----w C:\DOCUME~1\Mikko\APPLIC~1\dvdcss
2007-04-08 09:27:19 -------- d-----w C:\Program Files\StealthBot
2007-04-06 06:08:01 -------- d-----w C:\Program Files\LimeWire
2007-03-28 06:15:52 -------- d-----w C:\Program Files\Audacity
2007-03-26 12:16:09 76,688 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-03-26 12:16:09 377,476 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-03-26 10:21:59 -------- d-----w C:\DOCUME~1\Mikko\APPLIC~1\Leadertech
2007-03-26 10:18:33 0 ----a-w C:\WINDOWS\PowerReg.dat
2007-03-23 11:50:08 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-03-23 11:50:08 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-03-23 11:27:16 -------- d-----w C:\Program Files\AGEIA Technologies
2007-03-23 11:15:40 -------- d-----w C:\Program Files\Monte Cristo
2007-03-19 14:55:25 -------- d-----w C:\Program Files\ATLAS V13
2007-03-19 14:53:56 -------- d-----w C:\DOCUME~1\Mikko\APPLIC~1\Fujitsu
2007-03-19 14:53:21 256 ---ha-w C:\WINDOWS\system32\LTAW13FN.BIN
2007-03-19 14:53:21 256 ---ha-w C:\WINDOWS\system32\FJLTATHI.BIN
2007-03-17 13:44:51 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 15:44:05 -------- d-----w C:\Program Files\Gabest
2007-03-13 18:15:56 -------- d-----w C:\Program Files\Azureus
2007-03-11 17:53:31 52,736 ----a-w C:\WINDOWS\ipuninst.exe
2007-03-11 13:58:23 -------- d-----w C:\Program Files\Final Fantasy VII
2007-03-08 15:38:00 578,048 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:59 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:59 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:34:26 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 23:51:00 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-02-05 20:19:01 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{3C6301ED-0F78-4AF2-8150-D9C052361A8E}=C:\Program Files\ATLAS V13\ATLIECP.DLL [2006-07-13 04:05]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 09:55]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 17:57]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 10:09]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-04-25 18:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 15:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\Msmsgs.exe" [2005-08-31 21:27]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter HTTPFilter
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
DcomLaunch DcomLaunch TermService
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-18 20:09:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-05-18 20:14:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-18 20:14

--- E O F ---

[ + lainaa]

Vastaa

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat > popuppeja satelee


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.