afterdawn.com > discussion > general computer discussion > viruses and malware - HijackThis logs
HjT log. Computer and internet are slow
Vancet (Junior Member), 8 July 2007 @ 09:48
Logfile of HijackThis v1.99.1
Scan saved at 13:47:11, on 8.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\My_Server.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\taskmang.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Hijack This\Pommi.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Auto Update Machine] taskmang.exe
O4 - HKLM\..\RunServices: [Auto Update Machine] taskmang.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Auto Update Machine] taskmang.exe
O4 - HKCU\..\RunServices: [Auto Update Machine] taskmang.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Auttaja (Suspended permanently), 8 July 2007 @ 10:00
Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop.

Boot your computer into Safe Mode and choose your normal user account:

* Start the computer
* When you hear the computer beep, press F8, before the Windows logo appears
* A menu should appear next
* Choose Safe Mode from the menu.

* Create a folder C:\SDFix for the program and move it there
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer: "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than normal because SDFix is cleaning the computer.
* When the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete: "Finished".
* Then press any key to close the script and load the desktop icons.
* Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread

Also a new HJT log

Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude toward malware fighters)
How to send a HijackThis log (steps 3-5) / HijackThis log posting instructions (Finland)
Vancet (Junior Member), 8 July 2007 @ 13:10
SDFix: Version 1.85

Run by Janne - su 08.07.2007 - 15:59:34,90

Microsoft Windows XP [versio 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\backWeb-7681197.exe"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\backWeb-7681197.exe:*:Disabled:backWeb-7681197"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\DCPlusPlus\\DCPlusPlus.exe"="C:\\Program Files\\DCPlusPlus\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\Steam\\steamapps\\trikkeri\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\trikkeri\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\trikkeri\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\trikkeri\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Nokia\\Update_Manager\\bin\\UMClient.exe"="C:\\Nokia\\Update_Manager\\bin\\UMClient.exe:*:Enabled:Nokia Update Manager"
"E:\\hl2.exe"="E:\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\Steamengine.exe"="C:\\Program Files\\Steam\\Steamengine.exe:*:Enabled:Steamengine"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"="C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Suorita DLL sovelluksena"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\system32\\taskmang.exe"="C:\\WINDOWS\\system32\\taskmang.exe:*:Disabled:taskmang"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------


Checking For Files with Hidden Attributes:

C:\Documents and Settings\Janne\SendTo\WLM - trikker24@gmail.com\Desktop.ini
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\bccdcc7_r.dll
C:\WINDOWS\system32\mllml.dll.vir
C:\WINDOWS\system32\My_Server.exe
C:\WINDOWS\system32\taskmang.exe
C:\SDFix\SDFix\dummy.sys
C:\WINDOWS\txk.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\141dba2c46ac27fe0d0d6d46ba4dbf07\BIT9.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5f3167d0b3258a70247d25e50ae22a53\download\BITFA.tmp

Finished

Then HJT:

Logfile of HijackThis v1.99.1
Scan saved at 17:10:07, on 8.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmang.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\Pommi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Auto Update Machine] taskmang.exe
O4 - HKLM\..\RunServices: [Auto Update Machine] taskmang.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Auto Update Machine] taskmang.exe
O4 - HKCU\..\RunServices: [Auto Update Machine] taskmang.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Auttaja
Suspended permanently
8 July 2007 @ 13:40
Open HijackThis, check the following line(s) and press Fix checked; close other programs in the meantime.

O4 - HKLM\..\Run: [Auto Update Machine] taskmang.exe
O4 - HKLM\..\RunServices: [Auto Update Machine] taskmang.exe
O4 - HKCU\..\Run: [Auto Update Machine] taskmang.exe
O4 - HKCU\..\RunServices: [Auto Update Machine] taskmang.exe


Here is a guide on how to check them:



===========

1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double-click the combofix.exe file and follow the prompts.
3. When the tool finishes, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.


Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude toward malware fighters)
How to send HijackThis log (steps 3-5) | Instructions for sending a HijackThis log (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list
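The helper singled out the four "Auto Update Machine" entries above by eye. As an added illustration that is not part of this thread or of HijackThis itself, the Python below parses O4 registry-autostart lines in the HijackThis log format and scores each distinct command on the traits a helper looks for: a bare file name with no path, registration under the obsolete RunServices key, the same command in both HKLM and HKCU, and a name that resembles a core Windows binary. The lookalike list, the scoring weights and the 0.8 similarity threshold are my assumptions, not anything from the thread; the sample input is constructed from lines quoted in this thread.

```python
"""Triage HijackThis O4 (registry autostart) lines the way a forum helper does by eye."""
import re
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sample: O4 lines quoted in this thread (four flagged ones plus three benign ones).
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Auto Update Machine] taskmang.exe
O4 - HKLM\..\RunServices: [Auto Update Machine] taskmang.exe
O4 - HKCU\..\Run: [Auto Update Machine] taskmang.exe
O4 - HKCU\..\RunServices: [Auto Update Machine] taskmang.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# HijackThis registry O4 entry: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)

# Assumed list of core Windows XP binaries whose names malware is often modelled on.
KNOWN_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "taskmgr.exe", "ctfmon.exe",
    "userinit.exe", "rundll32.exe",
}


def program_of(cmd):
    """Return the program part of an autostart command (quotes removed, arguments dropped)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def lookalike_of(basename):
    """Return the known system binary this name resembles but is not, else None."""
    if basename in KNOWN_SYSTEM_BINARIES:
        return None
    for known in sorted(KNOWN_SYSTEM_BINARIES):
        if SequenceMatcher(None, basename, known).ratio() >= 0.8:  # assumed threshold
            return known
    return None


def triage_o4(text):
    """Group O4 lines by (name, command), score each group, return them highest score first."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            groups[(m["name"], m["cmd"])].append((m["hive"], m["key"]))
    results = []
    for (name, cmd), locations in groups.items():
        program = program_of(cmd)
        basename = program.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        score, reasons = 0, []
        if "\\" not in program:
            score += 1
            reasons.append("bare file name: the binary that actually runs depends on PATH lookup")
        if any(key.lower().startswith("runservices") for _, key in locations):
            score += 2
            reasons.append("registered under RunServices, a Win9x key NT ignores but malware still writes")
        if {hive for hive, _ in locations} >= {"HKLM", "HKCU"}:
            score += 1
            reasons.append("identical command registered in both HKLM and HKCU")
        look = lookalike_of(basename)
        if look:
            score += 2
            reasons.append(f"name resembles the system binary {look}")
        results.append({"name": name, "command": cmd, "executable": basename,
                        "locations": sorted(locations), "score": score, "reasons": reasons})
    results.sort(key=lambda r: r["score"], reverse=True)
    return results


if __name__ == "__main__":
    for entry in triage_o4(SAMPLE_O4_LINES):
        print(entry["score"], entry["executable"], entry["locations"])
        for reason in entry["reasons"]:
            print("   -", reason)
```

Run against the sample, the taskmang.exe group collects all four registry locations and every heuristic fires, while SOUNDMAN.EXE only trips the bare-name check and the fully qualified ctfmon.exe scores zero; the score orders what to look at first, it does not decide what to delete.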
Vancet
Junior Member
8 July 2007 @ 14:51
"Janne" - 2007-07-08 18:35:14 - ComboFix 07-07-07.3 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awvvu.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP
C:\WINDOWS\exefld


((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


2007-07-07 19:25 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-07 18:25 <KANSIO> d-------- C:\GTA San Andreas User Files
2007-07-06 22:22 <KANSIO> d-------- C:\07950665d66295ad2ce21953b359410c
2007-07-05 15:04 205,249 ---hs---- C:\WINDOWS\system32\My_Server.exe
2007-07-05 14:42 <KANSIO> d-------- C:\Program Files\Bonjour
2007-07-05 14:21 <KANSIO> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-05 12:32 23 --ahs---- C:\WINDOWS\system32\bccdcc7_r.dll
2007-07-05 12:22 <KANSIO> d-------- C:\Program Files\CleanMyPC
2007-07-05 10:46 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-04 17:59 218 --a------ C:\WINDOWS\system32\vfw_32.reg
2007-07-04 17:52 <KANSIO> d-------- C:\Program Files\Xingtone
2007-07-04 17:14 106,496 --a------ C:\WINDOWS\acufutls.dll
2007-07-04 17:14 <KANSIO> d-------- C:\Program Files\Acoustica Shared Effects
2007-07-04 17:13 <KANSIO> d-------- C:\Program Files\Acoustica Beatcraft
2007-07-04 16:56 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\Renegade Minds
2007-07-04 16:36 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EarMaster
2007-07-04 16:32 937 ---h----- C:\WINDOWS\txk.sys
2007-07-04 16:31 <KANSIO> d-------- C:\Program Files\ChordSearch
2007-07-02 01:09 <KANSIO> dr-h----- C:\DOCUME~1\Janne\APPLIC~1\SecuROM
2007-07-02 01:05 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-02 01:05 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-02 01:05 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-02 01:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-02 01:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-02 01:05 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-02 00:58 <KANSIO> d-------- C:\Program Files\Ubisoft
2007-06-28 18:43 <KANSIO> d-------- C:\ca170bb9ce65c6ba016230
2007-06-27 22:46 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-06-27 16:35 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\Datalayer
2007-06-27 16:07 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\HP
2007-06-27 16:06 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-06-27 16:03 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-06-27 15:54 <KANSIO> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-06-27 15:20 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-06-27 15:20 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-06-27 15:20 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-06-27 15:20 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-06-27 15:20 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-06-27 15:20 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-06-27 15:19 <KANSIO> d-------- C:\Program Files\HP
2007-06-25 18:36 <KANSIO> d-------- C:\Program Files\Ares
2007-06-22 09:04 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2007-06-21 19:34 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2007-06-21 19:34 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
2007-06-21 19:34 <KANSIO> d-------- C:\SIERRA
2007-06-19 09:33 <KANSIO> d-------- C:\Program Files\Games-Masters.com
2007-06-13 09:35 <KANSIO> d-------- C:\Program Files\Steam-Down
2007-06-12 21:55 <KANSIO> d-------- C:\Program Files\Windows Live
2007-06-08 22:45 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\GanymedeNet


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-08 15:32:51 -------- d-----w C:\Program Files\Hijack This
2007-07-08 08:41:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-07 21:09:18 -------- d-----w C:\Program Files\Google
2007-07-07 17:11:47 48 ----a-w C:\WINDOWS\system32\msvcsv60.dll
2007-07-07 17:11:47 48 ----a-w C:\WINDOWS\msocreg32.dat
2007-07-07 15:28:26 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-07-06 22:46:37 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\X-Chat 2
2007-07-05 21:36:43 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Google
2007-07-05 14:36:14 -------- d-----w C:\Program Files\Steam
2007-07-05 12:07:41 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\uTorrent
2007-07-02 09:33:49 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Tracktion
2007-07-02 09:23:11 -------- d-----w C:\Program Files\Tracktion2
2007-07-01 22:09:06 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-29 09:32:07 -------- d-----w C:\Program Files\DCPlusPlus
2007-06-28 21:22:10 -------- d-----w C:\Program Files\WinTV
2007-06-28 10:35:30 -------- d-----w C:\Program Files\Hewlett-Packard
2007-06-27 22:37:02 76,842 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-06-27 22:37:02 378,280 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-06-22 06:00:02 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-16 21:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-12 18:55:04 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-08 19:51:45 6,342 ----a-w C:\WINDOWS\mozver.dat
2007-06-06 15:00:14 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-06-05 09:24:39 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\InterVideo
2007-06-05 09:22:55 -------- d-----w C:\Program Files\InterVideo
2007-06-05 08:09:26 -------- d-----w C:\Program Files\ATI Technologies
2007-06-04 06:38:06 -------- d-----w C:\Program Files\UOAM
2007-06-04 06:37:23 -------- d-----w C:\Program Files\Power Tab Software
2007-06-04 06:37:09 -------- d-----w C:\Program Files\PMPro Mobile Phone Video Converter
2007-06-04 06:36:52 -------- d-----w C:\Program Files\Common Files\Nokia
2007-06-04 06:36:47 -------- d-----w C:\Program Files\Nokia
2007-06-04 06:35:36 -------- d--h--w C:\Program Files\Zero G Registry
2007-06-04 06:33:50 -------- d-----w C:\Program Files\LastChaosMal
2007-06-04 06:20:29 -------- d-----w C:\Program Files\Hamachi
2007-06-03 19:10:06 -------- d-----w C:\Program Files\Conquer 2.0
2007-06-03 19:09:25 -------- d-----w C:\Program Files\eMule
2007-06-03 18:42:07 -------- d-----w C:\Program Files\SpywareBlaster
2007-06-02 20:04:59 106 ----a-w C:\delete.bat
2007-05-22 04:26:31 -------- d-----w C:\Program Files\Theme Studio
2007-05-22 04:22:47 -------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-05-18 01:58:58 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-05-18 01:58:04 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-05-18 01:57:53 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-05-18 01:57:34 2,164,736 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-05-18 01:51:01 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-05-18 01:50:52 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-05-18 01:50:46 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-05-18 01:50:34 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-05-18 01:49:14 479,232 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-05-18 01:48:26 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-05-18 01:41:03 2,922,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-05-18 01:39:54 7,610,368 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-05-18 01:30:58 1,512,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-05-18 01:30:41 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-05-18 01:30:41 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-05-18 01:30:40 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-05-18 01:19:50 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-05-18 01:17:27 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-05-18 01:16:04 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-05-18 01:14:21 46,592 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-05-18 01:10:21 368,640 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-05-17 18:05:00 520,192 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-05-17 16:29:11 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 12:42:55 -------- d-----w C:\Program Files\AviSynth 2.5
2007-05-08 12:48:44 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Nokia
2007-04-29 15:36:54 471,040 ----a-w C:\WINDOWS\Metallica Screensaver.scr
2007-04-29 15:36:51 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-11 11:58:43 4,096 ----a-w C:\WINDOWS\d3dx.dat
2007-02-07 17:15:04 277,142 --sha-w C:\WINDOWS\system32\mllml.dll.vir
2004-09-14 23:12:02 1,366,528 --sh--r C:\WINDOWS\system32\taskmang.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
2007-01-05 00:57 247112 --a------ C:\Program Files\GetRight\xx2gr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 13:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:56 2423872 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-09-27 18:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2003-11-17 19:34]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2003-10-28 14:10]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 20:05]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C2B7B150-B41B-B8F0-F160-F2F006DD302D}
C:\WINDOWS\system32\My_Server.exe

Contents of the 'Scheduled Tasks' folder
2007-07-07 15:15:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-08 15:08:02 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 18:43:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-08 18:45:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-08 18:45
C:\ComboFix2.txt ... 2007-06-02 12:53

--- E O F ---



If the HJT log is needed, here it is:


Logfile of HijackThis v1.99.1
Scan saved at 18:51:18, on 8.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\Pommi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Auttaja
Suspended permanently
8 July 2007 @ 15:07
Open Notepad and copy/paste the text below into it:

Quote:

File::
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\bccdcc7_r.dll
C:\WINDOWS\system32\mllml.dll.vir
C:\WINDOWS\system32\My_Server.exe
C:\WINDOWS\system32\taskmang.exe

Folder::
C:\07950665d66295ad2ce21953b359410c
C:\Program Files\Common Files\Macrovision Shared
C:\ca170bb9ce65c6ba016230


Save it as ComboFix-Do.txt

Then drag ComboFix-Do.txt onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of the combofix.txt file here.

==========

Let's run BlackLight.

Download and save BlackLight to your desktop;

Double-click fsbl.exe, accept the agreement, click -> Scan, then -> Next

You will see a list of everything that was found. A log named fsbl.xxxxxxx.log will also appear on your desktop (the xxxxxxx will most likely be numbers).

Copy and paste this log into your next reply. Do not choose the "Rename" option yet! We want to see the log first, because legitimate files may be included, such as "wbemtest.exe".

=========

Show hidden files, and hide them again after the check

Check C:\WINDOWS\txk.sys at http://www.virustotal.com
and post the result in your next reply

======

also a new HJT log

Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude towards malware fighters)
How to send HijackThis log (step 3-5) Instructions for posting a HijackThis log (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list

This post has been edited after posting. Last edited 8 July 2007 @ 15:07

Vancet
Junior Member
8 July 2007 @ 15:43
Combofix:

"Janne" - 2007-07-08 19:28:03 - ComboFix 07-07-07.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\Janne\Työpöytä\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\07950665d66295ad2ce21953b359410c
C:\07950665d66295ad2ce21953b359410c\spmsg.dll
C:\07950665d66295ad2ce21953b359410c\spuninst.exe
C:\07950665d66295ad2ce21953b359410c\spupdsvc.exe
C:\07950665d66295ad2ce21953b359410c\update\eula.txt
C:\07950665d66295ad2ce21953b359410c\update\update.exe
C:\07950665d66295ad2ce21953b359410c\update\update.inf
C:\07950665d66295ad2ce21953b359410c\update\update.ver
C:\07950665d66295ad2ce21953b359410c\update\updspapi.dll
C:\07950665d66295ad2ce21953b359410c\update\wudf01005.cat
C:\07950665d66295ad2ce21953b359410c\update\wudfcustom.dll
C:\07950665d66295ad2ce21953b359410c\wudf_update.inf
C:\07950665d66295ad2ce21953b359410c\wudfcoinstaller.dll
C:\07950665d66295ad2ce21953b359410c\wudfcustom.dll
C:\07950665d66295ad2ce21953b359410c\wudfhost.exe
C:\07950665d66295ad2ce21953b359410c\wudfpf.sys
C:\07950665d66295ad2ce21953b359410c\wudfplatform.dll
C:\07950665d66295ad2ce21953b359410c\wudfrd.sys
C:\07950665d66295ad2ce21953b359410c\wudfsvc.dll
C:\07950665d66295ad2ce21953b359410c\wudfx.dll
C:\ca170bb9ce65c6ba016230
C:\ca170bb9ce65c6ba016230\spmsg.dll
C:\ca170bb9ce65c6ba016230\spuninst.exe
C:\ca170bb9ce65c6ba016230\spupdsvc.exe
C:\ca170bb9ce65c6ba016230\update\eula.txt
C:\ca170bb9ce65c6ba016230\update\update.exe
C:\ca170bb9ce65c6ba016230\update\update.inf
C:\ca170bb9ce65c6ba016230\update\update.ver
C:\ca170bb9ce65c6ba016230\update\updspapi.dll
C:\ca170bb9ce65c6ba016230\update\wudf01005.cat
C:\ca170bb9ce65c6ba016230\update\wudfcustom.dll
C:\ca170bb9ce65c6ba016230\wudf_update.inf
C:\ca170bb9ce65c6ba016230\wudfcoinstaller.dll
C:\ca170bb9ce65c6ba016230\wudfcustom.dll
C:\ca170bb9ce65c6ba016230\wudfhost.exe
C:\ca170bb9ce65c6ba016230\wudfpf.sys
C:\ca170bb9ce65c6ba016230\wudfplatform.dll
C:\ca170bb9ce65c6ba016230\wudfrd.sys
C:\ca170bb9ce65c6ba016230\wudfsvc.dll
C:\ca170bb9ce65c6ba016230\wudfx.dll
C:\Program Files\Common Files\Macrovision Shared
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\fnp_registrations.xml
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\bccdcc7_r.dll
C:\WINDOWS\system32\mllml.dll.vir
C:\WINDOWS\system32\My_Server.exe
C:\WINDOWS\system32\taskmang.exe


((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


2007-07-07 19:25 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-07 18:25 <KANSIO> d-------- C:\GTA San Andreas User Files
2007-07-05 14:42 <KANSIO> d-------- C:\Program Files\Bonjour
2007-07-05 12:22 <KANSIO> d-------- C:\Program Files\CleanMyPC
2007-07-05 10:46 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-04 17:59 218 --a------ C:\WINDOWS\system32\vfw_32.reg
2007-07-04 17:52 <KANSIO> d-------- C:\Program Files\Xingtone
2007-07-04 17:14 106,496 --a------ C:\WINDOWS\acufutls.dll
2007-07-04 17:14 <KANSIO> d-------- C:\Program Files\Acoustica Shared Effects
2007-07-04 17:13 <KANSIO> d-------- C:\Program Files\Acoustica Beatcraft
2007-07-04 16:56 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\Renegade Minds
2007-07-04 16:36 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EarMaster
2007-07-04 16:32 937 ---h----- C:\WINDOWS\txk.sys
2007-07-04 16:31 <KANSIO> d-------- C:\Program Files\ChordSearch
2007-07-02 01:09 <KANSIO> dr-h----- C:\DOCUME~1\Janne\APPLIC~1\SecuROM
2007-07-02 01:05 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-02 01:05 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-02 01:05 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-02 01:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-02 01:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-02 01:05 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-02 00:58 <KANSIO> d-------- C:\Program Files\Ubisoft
2007-06-27 22:46 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-06-27 16:35 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\Datalayer
2007-06-27 16:07 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\HP
2007-06-27 16:06 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-06-27 16:03 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-06-27 15:54 <KANSIO> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-06-27 15:20 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-06-27 15:20 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-06-27 15:20 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-06-27 15:20 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-06-27 15:20 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-06-27 15:20 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-06-27 15:19 <KANSIO> d-------- C:\Program Files\HP
2007-06-25 18:36 <KANSIO> d-------- C:\Program Files\Ares
2007-06-22 09:04 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2007-06-21 19:34 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2007-06-21 19:34 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
2007-06-21 19:34 <KANSIO> d-------- C:\SIERRA
2007-06-19 09:33 <KANSIO> d-------- C:\Program Files\Games-Masters.com
2007-06-13 09:35 <KANSIO> d-------- C:\Program Files\Steam-Down
2007-06-12 21:55 <KANSIO> d-------- C:\Program Files\Windows Live
2007-06-08 22:45 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\GanymedeNet


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-08 16:24:44 -------- d-----w C:\Program Files\DOSBox-0.70
2007-07-08 15:51:18 -------- d-----w C:\Program Files\Hijack This
2007-07-08 08:41:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-07 21:09:18 -------- d-----w C:\Program Files\Google
2007-07-07 17:11:47 48 ----a-w C:\WINDOWS\system32\msvcsv60.dll
2007-07-07 17:11:47 48 ----a-w C:\WINDOWS\msocreg32.dat
2007-07-07 15:28:26 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-07-06 22:46:37 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\X-Chat 2
2007-07-05 21:36:43 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Google
2007-07-05 14:36:14 -------- d-----w C:\Program Files\Steam
2007-07-05 12:07:41 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\uTorrent
2007-07-02 09:33:49 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Tracktion
2007-07-02 09:23:11 -------- d-----w C:\Program Files\Tracktion2
2007-07-01 22:09:06 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-29 09:32:07 -------- d-----w C:\Program Files\DCPlusPlus
2007-06-28 21:22:10 -------- d-----w C:\Program Files\WinTV
2007-06-28 10:35:30 -------- d-----w C:\Program Files\Hewlett-Packard
2007-06-27 22:37:02 76,842 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-06-27 22:37:02 378,280 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-06-22 06:00:02 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-16 21:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-12 18:55:04 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-08 19:51:45 6,342 ----a-w C:\WINDOWS\mozver.dat
2007-06-06 15:00:14 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-06-05 09:24:39 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\InterVideo
2007-06-05 09:22:55 -------- d-----w C:\Program Files\InterVideo
2007-06-05 08:09:26 -------- d-----w C:\Program Files\ATI Technologies
2007-06-04 06:38:06 -------- d-----w C:\Program Files\UOAM
2007-06-04 06:37:23 -------- d-----w C:\Program Files\Power Tab Software
2007-06-04 06:37:09 -------- d-----w C:\Program Files\PMPro Mobile Phone Video Converter
2007-06-04 06:36:52 -------- d-----w C:\Program Files\Common Files\Nokia
2007-06-04 06:36:47 -------- d-----w C:\Program Files\Nokia
2007-06-04 06:35:36 -------- d--h--w C:\Program Files\Zero G Registry
2007-06-04 06:33:50 -------- d-----w C:\Program Files\LastChaosMal
2007-06-04 06:20:29 -------- d-----w C:\Program Files\Hamachi
2007-06-03 19:10:06 -------- d-----w C:\Program Files\Conquer 2.0
2007-06-03 19:09:25 -------- d-----w C:\Program Files\eMule
2007-06-03 18:42:07 -------- d-----w C:\Program Files\SpywareBlaster
2007-06-02 20:04:59 106 ----a-w C:\delete.bat
2007-05-22 04:26:31 -------- d-----w C:\Program Files\Theme Studio
2007-05-22 04:22:47 -------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-05-18 01:58:58 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-05-18 01:58:04 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-05-18 01:57:53 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-05-18 01:57:34 2,164,736 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-05-18 01:51:01 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-05-18 01:50:52 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-05-18 01:50:46 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-05-18 01:50:34 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-05-18 01:49:14 479,232 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-05-18 01:48:26 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-05-18 01:41:03 2,922,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-05-18 01:39:54 7,610,368 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-05-18 01:30:58 1,512,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-05-18 01:30:41 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-05-18 01:30:41 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-05-18 01:30:40 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-05-18 01:19:50 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-05-18 01:17:27 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-05-18 01:16:04 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-05-18 01:14:21 46,592 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-05-18 01:10:21 368,640 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-05-17 18:05:00 520,192 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-05-17 16:29:11 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 12:42:55 -------- d-----w C:\Program Files\AviSynth 2.5
2007-05-08 12:48:44 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Nokia
2007-04-29 15:36:54 471,040 ----a-w C:\WINDOWS\Metallica Screensaver.scr
2007-04-29 15:36:51 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-11 11:58:43 4,096 ----a-w C:\WINDOWS\d3dx.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
2007-01-05 00:57 247112 --a------ C:\Program Files\GetRight\xx2gr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 13:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:56 2423872 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-09-27 18:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2003-11-17 19:34]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2003-10-28 14:10]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 20:05]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C2B7B150-B41B-B8F0-F160-F2F006DD302D}
C:\WINDOWS\system32\My_Server.exe

Contents of the 'Scheduled Tasks' folder
2007-07-07 15:15:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-08 16:08:02 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 19:38:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-08 19:40:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-08 19:40
C:\ComboFix2.txt ... 2007-07-08 18:45
C:\ComboFix3.txt ... 2007-06-02 12:53

--- E O F ---
Auttaja
Suspended permanently
8 July 2007 @ 16:05
Ok, looks good :)

Like this

First take a backup of the registry like this:

Run -> regedit -> OK. Then File -> Export. Give it a name and then Save (and make a note of where you saved it).

Then save the text snippet below as fix.reg, e.g. in Notepad and e.g. on the desktop (file type: All Files)
Quote:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C2B7B150-B41B-B8F0-F160-F2F006DD302D}]



Double-click it and press Yes and OK. Restart the computer.

then do the rest of the steps and post those logs too



Vancet
Junior Member
8 July 2007 @ 16:11
BlackLight only produced this on the desktop:

07/08/07 19:45:04 [Info]: BlackLight Engine 1.0.64 initialized
07/08/07 19:45:04 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/08/07 19:45:04 [Note]: 7019 4
07/08/07 19:45:04 [Note]: 7005 0
07/08/07 19:45:05 [Note]: 7006 0
07/08/07 19:45:05 [Note]: 7011 1848
07/08/07 19:45:05 [Note]: 7026 0
07/08/07 19:45:05 [Note]: 7026 0
07/08/07 19:45:10 [Note]: FSRAW library version 1.7.1022
07/08/07 19:57:50 [Note]: 2000 1012
07/08/07 19:57:50 [Note]: 2000 1012
07/08/07 19:57:50 [Note]: 2000 1012
07/08/07 19:57:50 [Note]: 7007 0


Then VirusTotal:

Antivirus Version Update Result
AhnLab-V3 2007.7.7.0 07.06.2007 no virus found
AntiVir 7.4.0.39 07.08.2007 no virus found
Authentium 4.93.8 07.07.2007 no virus found
Avast 4.7.997.0 07.08.2007 no virus found
AVG 7.5.0.476 07.07.2007 no virus found
BitDefender 7.2 07.08.2007 no virus found
CAT-QuickHeal 9.00 07.07.2007 no virus found
ClamAV devel-20070416 07.08.2007 no virus found
DrWeb 4.33 07.08.2007 no virus found
eSafe 7.0.15.0 07.08.2007 no virus found
eTrust-Vet 30.8.3769 07.07.2007 no virus found
Ewido 4.0 07.08.2007 no virus found
FileAdvisor 1 07.08.2007 no virus found
Fortinet 2.91.0.0 07.08.2007 no virus found
F-Prot 4.3.2.48 07.06.2007 no virus found
Ikarus T3.1.1.8 07.08.2007 no virus found
Kaspersky 4.0.2.24 07.08.2007 no virus found
McAfee 5069 07.06.2007 no virus found
Microsoft 1.2704 07.08.2007 no virus found
NOD32v2 2384 07.08.2007 no virus found
Norman 5.80.02 07.06.2007 no virus found
Panda 9.0.0.4 07.08.2007 no virus found
Sophos 4.19.0 07.06.2007 no virus found
Sunbelt 2.2.907.0 07.07.2007 no virus found
Symantec 10 07.08.2007 no virus found
TheHacker 6.1.6.143 07.05.2007 no virus found
VBA32 3.12.0.2 07.07.2007 no virus found
VirusBuster 4.3.23:9 07.08.2007 no virus found
Webwasher-Gateway 6.0.1 07.08.2007 no virus found

Aditional Information
File size: 937 bytes
MD5: 9e52d6fef865a78091bda86624bf3561
SHA1: 8cb4467d2ae4e54df266b8773f5bcb7ca8318618


HjT:

Logfile of HijackThis v1.99.1
Scan saved at 20:11:01, on 8.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack This\Pommi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Post edited after posting. Last edited 8 July 2007 @ 16:12

Auttaja
Suspended permanently
8 July 2007 @ 16:31
Open Notepad and copy/paste the text below into it:

Quote:

Collect::
C:\WINDOWS\txk.sys

Save it as CFScript

Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when prompted.

=========

Go to spykiller

Click New Topic and give it the title "Files for you (maybe rootkit)"
Add a link to this thread to the post, then attach the zip file from your desktop (the one ComboFix created) to the post and submit it.

===========

Scan your computer with F-Secure's online scanner

Note: the scanner only works in the Internet Explorer browser

* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Adjust the settings as follows

o Under "Virus Scan Option" select Scan whole system
o Under "Other Scan Option" select Scan All Files
o Select Scan whole system for rootkits
o Select Scan whole system for spyware
o Tick Scan inside archives
o Make sure Use advanced heuristics is selected

* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread

Let's check that you're clean :)

Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude toward malware fighters)
How to send a HijackThis log (steps 3-5) / HijackThis log submission instructions (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list

Post edited after posting. Last edited 8 July 2007 @ 16:32

Vancet
Junior Member
9 July 2007 @ 10:26
ComboFix didn't produce any zip file.
Auttaja
Suspended permanently
9 July 2007 @ 10:37
CFScript: can you check that it is written exactly like that? Post the log it produces so we can see; it really does create a zip file on the desktop.


Post edited after posting. Last edited 9 July 2007 @ 10:39

Vancet
Junior Member
9 July 2007 @ 12:30
The log did come, but no zip file.
Here's the log:

"Janne" - 2007-07-09 16:12:38 - ComboFix 07-07-07.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\Janne\Työpöytä\CFScript.txt


((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


2007-07-07 19:25 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-07 18:25 <KANSIO> d-------- C:\GTA San Andreas User Files
2007-07-05 14:42 <KANSIO> d-------- C:\Program Files\Bonjour
2007-07-05 12:22 <KANSIO> d-------- C:\Program Files\CleanMyPC
2007-07-05 10:46 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-04 17:59 218 --a------ C:\WINDOWS\system32\vfw_32.reg
2007-07-04 17:52 <KANSIO> d-------- C:\Program Files\Xingtone
2007-07-04 17:14 106,496 --a------ C:\WINDOWS\acufutls.dll
2007-07-04 17:14 <KANSIO> d-------- C:\Program Files\Acoustica Shared Effects
2007-07-04 17:13 <KANSIO> d-------- C:\Program Files\Acoustica Beatcraft
2007-07-04 16:56 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\Renegade Minds
2007-07-04 16:36 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EarMaster
2007-07-04 16:32 937 ---h----- C:\WINDOWS\txk.sys
2007-07-04 16:31 <KANSIO> d-------- C:\Program Files\ChordSearch
2007-07-02 01:09 <KANSIO> dr-h----- C:\DOCUME~1\Janne\APPLIC~1\SecuROM
2007-07-02 01:05 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-02 01:05 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-02 01:05 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-02 01:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-02 01:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-02 01:05 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-02 00:58 <KANSIO> d-------- C:\Program Files\Ubisoft
2007-06-27 22:46 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-06-27 16:35 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\Datalayer
2007-06-27 16:07 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\HP
2007-06-27 16:06 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-06-27 16:03 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-06-27 15:54 <KANSIO> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-06-27 15:20 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-06-27 15:20 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-06-27 15:20 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-06-27 15:20 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-06-27 15:20 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-06-27 15:20 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-06-27 15:19 <KANSIO> d-------- C:\Program Files\HP
2007-06-25 18:36 <KANSIO> d-------- C:\Program Files\Ares
2007-06-22 09:04 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2007-06-21 19:34 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2007-06-21 19:34 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
2007-06-21 19:34 <KANSIO> d-------- C:\SIERRA
2007-06-19 09:33 <KANSIO> d-------- C:\Program Files\Games-Masters.com
2007-06-13 09:35 <KANSIO> d-------- C:\Program Files\Steam-Down
2007-06-12 21:55 <KANSIO> d-------- C:\Program Files\Windows Live


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-08 21:16:13 -------- d-----w C:\Program Files\DCPlusPlus
2007-07-08 21:06:58 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Tracktion
2007-07-08 21:06:46 -------- d-----w C:\Program Files\Tracktion2
2007-07-08 17:11:01 -------- d-----w C:\Program Files\Hijack This
2007-07-08 16:24:44 -------- d-----w C:\Program Files\DOSBox-0.70
2007-07-08 08:41:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-07 21:09:18 -------- d-----w C:\Program Files\Google
2007-07-07 17:11:47 48 ----a-w C:\WINDOWS\system32\msvcsv60.dll
2007-07-07 17:11:47 48 ----a-w C:\WINDOWS\msocreg32.dat
2007-07-07 15:28:26 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-07-06 22:46:37 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\X-Chat 2
2007-07-05 21:36:43 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Google
2007-07-05 14:36:14 -------- d-----w C:\Program Files\Steam
2007-07-05 12:07:41 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\uTorrent
2007-07-01 22:09:06 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-28 21:22:10 -------- d-----w C:\Program Files\WinTV
2007-06-28 10:35:30 -------- d-----w C:\Program Files\Hewlett-Packard
2007-06-27 22:37:02 76,842 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-06-27 22:37:02 378,280 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-06-22 06:00:02 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-16 21:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-12 18:55:04 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-08 19:51:45 6,342 ----a-w C:\WINDOWS\mozver.dat
2007-06-08 19:45:22 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\GanymedeNet
2007-06-06 15:00:14 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-06-05 09:24:39 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\InterVideo
2007-06-05 09:22:55 -------- d-----w C:\Program Files\InterVideo
2007-06-05 08:09:26 -------- d-----w C:\Program Files\ATI Technologies
2007-06-04 06:38:06 -------- d-----w C:\Program Files\UOAM
2007-06-04 06:37:23 -------- d-----w C:\Program Files\Power Tab Software
2007-06-04 06:37:09 -------- d-----w C:\Program Files\PMPro Mobile Phone Video Converter
2007-06-04 06:36:52 -------- d-----w C:\Program Files\Common Files\Nokia
2007-06-04 06:36:47 -------- d-----w C:\Program Files\Nokia
2007-06-04 06:35:36 -------- d--h--w C:\Program Files\Zero G Registry
2007-06-04 06:33:50 -------- d-----w C:\Program Files\LastChaosMal
2007-06-04 06:20:29 -------- d-----w C:\Program Files\Hamachi
2007-06-03 19:10:06 -------- d-----w C:\Program Files\Conquer 2.0
2007-06-03 19:09:25 -------- d-----w C:\Program Files\eMule
2007-06-03 18:42:07 -------- d-----w C:\Program Files\SpywareBlaster
2007-06-02 20:04:59 106 ----a-w C:\delete.bat
2007-05-22 04:26:31 -------- d-----w C:\Program Files\Theme Studio
2007-05-22 04:22:47 -------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-05-18 01:58:58 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-05-18 01:58:04 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-05-18 01:57:53 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-05-18 01:57:34 2,164,736 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-05-18 01:51:01 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-05-18 01:50:52 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-05-18 01:50:46 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-05-18 01:50:34 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-05-18 01:49:14 479,232 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-05-18 01:48:26 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-05-18 01:41:03 2,922,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-05-18 01:39:54 7,610,368 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-05-18 01:30:58 1,512,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-05-18 01:30:41 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-05-18 01:30:41 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-05-18 01:30:40 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-05-18 01:19:50 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-05-18 01:17:27 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-05-18 01:16:04 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-05-18 01:14:21 46,592 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-05-18 01:10:21 368,640 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-05-17 18:05:00 520,192 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-05-17 16:29:11 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 12:42:55 -------- d-----w C:\Program Files\AviSynth 2.5
2007-04-29 15:36:54 471,040 ----a-w C:\WINDOWS\Metallica Screensaver.scr
2007-04-29 15:36:51 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-11 11:58:43 4,096 ----a-w C:\WINDOWS\d3dx.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
2007-01-05 00:57 247112 --a------ C:\Program Files\GetRight\xx2gr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 13:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:56 2423872 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-09-27 18:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2003-11-17 19:34]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2003-10-28 14:10]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 20:05]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C2B7B150-B41B-B8F0-F160-F2F006DD302D}
C:\WINDOWS\system32\My_Server.exe

Contents of the 'Scheduled Tasks' folder
2007-07-07 15:15:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-09 13:08:01 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-09 16:18:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-09 16:20:52
C:\ComboFix-quarantined-files.txt ... 2007-07-09 16:20
C:\ComboFix2.txt ... 2007-07-08 19:40
C:\ComboFix3.txt ... 2007-07-08 18:45

--- E O F ---
Auttaja
Suspended permanently
9 July 2007 @ 12:52
Well, I recommend removing that program and its folder, C:\Program Files\Messenger Plus! Live :)

========

Note: there is no blank line at the start of the script.

Open Notepad and copy/paste the text below into it:

Quote:

File::
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\bccdcc7_r.dll
C:\WINDOWS\system32\mllml.dll.vir
C:\WINDOWS\system32\My_Server.exe
C:\WINDOWS\system32\taskmang.exe
C:\WINDOWS\txk.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C2B7B150-B41B-B8F0-F160-F2F006DD302D}]

Save it as CFScript

Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of the combofix.txt file here.


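The helper above asked for C:\WINDOWS\txk.sys, My_Server.exe and taskmang.exe to be collected and removed. In the ComboFix listing posted earlier in the thread, txk.sys appears as a hidden, 937-byte .sys file sitting in the Windows root rather than under \drivers, which is exactly the kind of detail a first triage pass over the listing can surface automatically. The script below is an added illustration, not part of the thread and not ComboFix's own code: it parses the "Files Created" and "Find3M" listing lines in the layout shown above and applies three heuristics of its own (hidden file under %WINDIR%, driver image outside a drivers directory, code file smaller than a 64-byte DOS header and so not a valid PE). The sample lines are copied from the posted log (<KANSIO> is the Finnish-localised <DIR> marker). A hit is a lead for the analyst to examine, as the helper did by having the file collected, not a verdict.

```python
"""Triage helper for ComboFix file listings (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One ComboFix listing line. Both section layouts seen in the thread are accepted:
#   Files Created:  2007-07-04 16:32 937 ---h----- C:\WINDOWS\txk.sys
#   Find3M:         2007-07-07 17:11:47 48 ----a-w C:\WINDOWS\system32\msvcsv60.dll
# Directories carry <DIR> (or a localised marker such as <KANSIO>) or dashes as size.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<size>[\d,]+|<[^>]+>|-+)\s+"
    r"(?P<attrs>[-a-z]{7,9})\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

WINDIR = "C:\\WINDOWS"                 # assumption: default XP install path
CODE_EXT = (".exe", ".dll", ".sys", ".scr")
PE_MIN_BYTES = 64                      # a PE image cannot be smaller than its DOS header


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directories
    attrs: str            # ComboFix attribute column, e.g. "---h-----" or "d-----w"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size_txt = m.group("size")
    size = int(size_txt.replace(",", "")) if size_txt[0].isdigit() else None
    return Entry(m.group("date"), m.group("time"), size, m.group("attrs"), m.group("path"))


def triage(entry: Entry) -> List[str]:
    """Heuristic reasons an analyst would want to look at a file (leads, not verdicts)."""
    reasons: List[str] = []
    if entry.is_dir or entry.size is None:
        return reasons
    low = entry.path.lower()
    in_windir = low.startswith(WINDIR.lower() + "\\")
    if entry.is_hidden and in_windir:
        reasons.append("hidden file under %WINDIR%")
    if low.endswith(".sys") and "\\drivers\\" not in low:
        reasons.append("driver image outside a drivers directory")
    if low.endswith(CODE_EXT) and entry.size < PE_MIN_BYTES:
        reasons.append(f"{entry.size}-byte file is too small to be a valid PE")
    return reasons


def triage_listing(text: str) -> List[Tuple[str, List[str]]]:
    """Parse a whole listing and return (path, reasons) for every flagged entry."""
    flagged: List[Tuple[str, List[str]]] = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = triage(e)
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


# Sample lines copied from the log posted in the thread, under the header they sit below.
SAMPLE = r"""
((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))
2007-07-07 19:25 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-04 16:32 937 ---h----- C:\WINDOWS\txk.sys
2007-07-02 01:05 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-02 01:09 <KANSIO> dr-h----- C:\DOCUME~1\Janne\APPLIC~1\SecuROM
2007-07-07 17:11:47 48 ----a-w C:\WINDOWS\system32\msvcsv60.dll
2007-06-22 06:00:02 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
"""

if __name__ == "__main__":
    for path, reasons in triage_listing(SAMPLE):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample, txk.sys is flagged twice (hidden under %WINDIR%, .sys outside \drivers) and the 48-byte msvcsv60.dll once; the SecuROM directory, although hidden, is skipped because directory entries are not triaged. Drop a whole ComboFix.txt into `triage_listing` to get the same leads for a full log.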
Vancet
Junior Member
9 July 2007 @ 18:12
"Janne" - 2007-07-09 22:01:58 - ComboFix 07-07-07.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\Janne\Työpöytä\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\txk.sys


((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


2007-07-09 20:52 <KANSIO> d-------- C:\WINDOWS\LastGood
2007-07-09 20:52 <KANSIO> d-------- C:\Program Files\Windows Media Components
2007-07-09 20:51 <KANSIO> d-------- C:\Program Files\TVactive
2007-07-07 19:25 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-07 18:25 <KANSIO> d-------- C:\GTA San Andreas User Files
2007-07-05 14:42 <KANSIO> d-------- C:\Program Files\Bonjour
2007-07-05 12:22 <KANSIO> d-------- C:\Program Files\CleanMyPC
2007-07-05 10:46 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-04 17:59 218 --a------ C:\WINDOWS\system32\vfw_32.reg
2007-07-04 17:52 <KANSIO> d-------- C:\Program Files\Xingtone
2007-07-04 17:14 106,496 --a------ C:\WINDOWS\acufutls.dll
2007-07-04 17:14 <KANSIO> d-------- C:\Program Files\Acoustica Shared Effects
2007-07-04 17:13 <KANSIO> d-------- C:\Program Files\Acoustica Beatcraft
2007-07-04 16:56 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\Renegade Minds
2007-07-04 16:36 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EarMaster
2007-07-04 16:31 <KANSIO> d-------- C:\Program Files\ChordSearch
2007-07-02 01:09 <KANSIO> dr-h----- C:\DOCUME~1\Janne\APPLIC~1\SecuROM
2007-07-02 01:05 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-02 01:05 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-02 01:05 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-02 01:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-02 01:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-02 01:05 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-02 00:58 <KANSIO> d-------- C:\Program Files\Ubisoft
2007-06-27 22:46 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-06-27 16:35 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\Datalayer
2007-06-27 16:07 <KANSIO> d-------- C:\DOCUME~1\Janne\APPLIC~1\HP
2007-06-27 16:06 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-06-27 16:03 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-06-27 15:54 <KANSIO> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-06-27 15:20 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-06-27 15:20 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-06-27 15:20 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-06-27 15:20 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-06-27 15:20 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-06-27 15:20 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-06-27 15:19 <KANSIO> d-------- C:\Program Files\HP
2007-06-25 18:36 <KANSIO> d-------- C:\Program Files\Ares
2007-06-22 09:04 <KANSIO> d-------- C:\Program Files\Alcohol Soft
2007-06-21 19:34 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2007-06-21 19:34 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
2007-06-21 19:34 <KANSIO> d-------- C:\SIERRA
2007-06-19 09:33 <KANSIO> d-------- C:\Program Files\Games-Masters.com
2007-06-13 09:35 <KANSIO> d-------- C:\Program Files\Steam-Down
2007-06-12 21:55 <KANSIO> d-------- C:\Program Files\Windows Live


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-08 21:16:13 -------- d-----w C:\Program Files\DCPlusPlus
2007-07-08 21:06:58 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Tracktion
2007-07-08 21:06:46 -------- d-----w C:\Program Files\Tracktion2
2007-07-08 17:11:01 -------- d-----w C:\Program Files\Hijack This
2007-07-08 16:24:44 -------- d-----w C:\Program Files\DOSBox-0.70
2007-07-08 08:41:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-07 21:09:18 -------- d-----w C:\Program Files\Google
2007-07-07 17:11:47 48 ----a-w C:\WINDOWS\system32\msvcsv60.dll
2007-07-07 17:11:47 48 ----a-w C:\WINDOWS\msocreg32.dat
2007-07-07 15:28:26 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-07-06 22:46:37 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\X-Chat 2
2007-07-05 21:36:43 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\Google
2007-07-05 14:36:14 -------- d-----w C:\Program Files\Steam
2007-07-05 12:07:41 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\uTorrent
2007-07-01 22:09:06 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-28 21:22:10 -------- d-----w C:\Program Files\WinTV
2007-06-28 10:35:30 -------- d-----w C:\Program Files\Hewlett-Packard
2007-06-27 22:37:02 76,842 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-06-27 22:37:02 378,280 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-06-22 06:00:02 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-16 21:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-12 18:55:04 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-08 19:51:45 6,342 ----a-w C:\WINDOWS\mozver.dat
2007-06-08 19:45:22 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\GanymedeNet
2007-06-06 15:00:14 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-06-05 09:24:39 -------- d-----w C:\DOCUME~1\Janne\APPLIC~1\InterVideo
2007-06-05 09:22:55 -------- d-----w C:\Program Files\InterVideo
2007-06-05 08:09:26 -------- d-----w C:\Program Files\ATI Technologies
2007-06-04 06:38:06 -------- d-----w C:\Program Files\UOAM
2007-06-04 06:37:23 -------- d-----w C:\Program Files\Power Tab Software
2007-06-04 06:37:09 -------- d-----w C:\Program Files\PMPro Mobile Phone Video Converter
2007-06-04 06:36:52 -------- d-----w C:\Program Files\Common Files\Nokia
2007-06-04 06:36:47 -------- d-----w C:\Program Files\Nokia
2007-06-04 06:35:36 -------- d--h--w C:\Program Files\Zero G Registry
2007-06-04 06:33:50 -------- d-----w C:\Program Files\LastChaosMal
2007-06-04 06:20:29 -------- d-----w C:\Program Files\Hamachi
2007-06-03 19:10:06 -------- d-----w C:\Program Files\Conquer 2.0
2007-06-03 19:09:25 -------- d-----w C:\Program Files\eMule
2007-06-03 18:42:07 -------- d-----w C:\Program Files\SpywareBlaster
2007-06-02 20:04:59 106 ----a-w C:\delete.bat
2007-05-22 04:26:31 -------- d-----w C:\Program Files\Theme Studio
2007-05-22 04:22:47 -------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-05-18 01:58:58 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-05-18 01:58:04 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-05-18 01:57:53 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-05-18 01:57:34 2,164,736 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-05-18 01:51:01 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-05-18 01:50:52 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-05-18 01:50:46 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-05-18 01:50:34 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-05-18 01:49:14 479,232 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-05-18 01:48:26 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-05-18 01:41:03 2,922,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-05-18 01:39:54 7,610,368 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-05-18 01:30:58 1,512,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-05-18 01:30:41 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-05-18 01:30:41 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-05-18 01:30:40 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-05-18 01:19:50 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-05-18 01:17:27 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-05-18 01:16:04 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-05-18 01:14:21 46,592 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-05-18 01:10:21 368,640 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-05-17 18:05:00 520,192 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-05-17 16:29:11 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 12:42:55 -------- d-----w C:\Program Files\AviSynth 2.5
2007-04-29 15:36:54 471,040 ----a-w C:\WINDOWS\Metallica Screensaver.scr
2007-04-29 15:36:51 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-11 11:58:43 4,096 ----a-w C:\WINDOWS\d3dx.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
2007-01-05 00:57 247112 --a------ C:\Program Files\GetRight\xx2gr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 13:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:56 2423872 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-09-27 18:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2003-11-17 19:34]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2003-10-28 14:10]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 20:05]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]


Contents of the 'Scheduled Tasks' folder
2007-07-07 15:15:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-09 18:08:02 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-09 22:06:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-09 22:08:11
C:\ComboFix-quarantined-files.txt ... 2007-07-09 22:08
C:\ComboFix2.txt ... 2007-07-09 16:20
C:\ComboFix3.txt ... 2007-07-08 19:40

--- E O F ---
Auttaja
Suspended permanently
9 July 2007 @ 18:24
Download Suspicious File Packer from here

Extract it to the desktop, open it and paste the file list below into it, then click Next and it will create a package (zip/cab) on the desktop.

C:\QooBox\Quarantine\C\WINDOWS\txk.sys.vir
C:\QooBox\Quarantine\C\WINDOWS\system32\My_Server.exe.vir
C:\QooBox\Quarantine\C\WINDOWS\system32\taskmang.exe.vir

Go to Spykiller

Click New Topic and give it the title "Files for you (subs?), possible rootkit?, (+ extra infostealer)"
Add the link to this thread to the message, then attach the cab/zip file to the message and post it.
If you can't find it via the Browse button, copy/paste the file name with its full path.

============

And now this F-Secure :)

Check your computer with F-Secure's online scanner

Note: the scanner only works with the Internet Explorer browser

* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Set the options as follows

o Under "Virus Scan Option" select Scan whole system
o Under "Other Scan Option" select Scan All Files
o Select Scan whole system for rootkits
o Select Scan whole system for spyware
o Tick Scan inside archives
o Make sure Use advanced heuristics is selected

* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread

Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude against malware fighters)
How to send a HijackThis log (steps 3-5) / HijackThis log posting instructions (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list

This message has been edited after posting. Last edited 9 July 2007 @ 18:28

Vancet
Junior Member
10 July 2007 @ 07:51
All right. I posted them over at Spykiller like you said. But how does that help? :P
Auttaja
Suspended permanently
10 July 2007 @ 08:00
It means that the next time someone has the same problem, it (possibly) won't have to be removed in such a complicated way. Now run that F-Secure so we can make sure, and post a new HJT log too.

Vancet
Junior Member
10 July 2007 @ 16:23
Scanning Report
Tuesday, July 10, 2007 15:05:35 - 20:17:19

Computer name: JANNE-THI3VFIV0
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 19 malware found
Backdoor.Win32.VB.bco (virus)

* C:\QooBox\Quarantine\C\WINDOWS\system32\My_Server.exe.vir (Renamed & Submitted)
* C:\Documents and Settings\Janne\Työpöytä\requested-files[2007-07-10_11_38].cab\C:\QooBox\Quarantine\C\WINDOWS\system32\My_Server.exe.vir
* C:\Documents and Settings\Janne\Työpöytä\Jannen nahkainen salkku\setupit\Photoshop CS3 Crack.rar\PS3 Crack.exe

Tracking Cookie (spyware)

* System (Disinfected)

Trojan-Downloader.Win32.Agent.bl (virus)

* C:\WINDOWS\Config\csrss.exe (Renamed & Submitted)
* C:\Documents and Settings\Janne\Työpöytä\Jannen nahkainen salkku\setupit\Adobe Photoshop Cs3 Keygen 2007.zip\Adobe Photoshop Cs3 Keygen 2007.exe

Trojan-Downloader.Win32.Alphabet.c (virus)

* C:\WINDOWS\system32\winsys64.0xe

Trojan-Dropper.Win32.Delf.xo (virus)

* C:\Documents and Settings\Janne\Local Settings\Application Data\Ares\My Shared Folder\acoustica beatcraft 1 02 15 keygen.zip\Acoustica Beatcraft 1.02.15 Keygen.exe
* C:\Documents and Settings\Janne\Local Settings\Application Data\Ares\My Shared Folder\google[1] earth pro 3 0beta-voorhees.rar\GEP3B\gep3b_pf.rar\gep3b_pf.exe

Trojan.Win32.Dialer.qn (virus)

* C:\QooBox\Quarantine\C\WINDOWS\system32\wintuh32.dll.0ir (Submitted)

Vundo.gen11 (virus)

* C:\QooBox\Quarantine\C\WINDOWS\system32\mllml.dll.vir.vir (Submitted)

Vundo.gen26 (virus)

* C:\VundoFix Backups\ddccy.dll.bad (Submitted)
* C:\VundoFix Backups\geeda.dll.bad (Submitted)

W32/DLoader.BXTM (virus)

* C:\RECYCLER\S-1-5-18\Dc5\Update.exe (Submitted)
* C:\RECYCLER\S-1-5-18\Dc4\Update.exe (Submitted)
* C:\RECYCLER\S-1-5-18\Dc3\Update.exe (Submitted)
* C:\RECYCLER\S-1-5-18\Dc2\Update.exe (Submitted)

W32/Malware (virus)

* C:\WINDOWS\system32\dr.exe (Submitted)

Win32.TrojanDownloader.Alphabet (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 680148
* System: 5622
* Not scanned: 124

Actions:

* Disinfected: 2
* Renamed: 2
* Deleted: 0
* None: 15
* Submitted: 11

Files not scanned:

h�RH

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-07-09
* F-Secure AVP: 7.0.171, 2007-07-10
* F-Secure Orion: 1.2.37, 2007-07-10
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 2007-07-09
* F-Secure Pegasus: 1.19.0, 2007-06-10

Scanning options:

* Scan all files
* Scan inside archives
* Use Advanced heuristics

Logfile of HijackThis v1.99.1
Scan saved at 20:23:30, on 10.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hijack This\Pommi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?2b72ca53eee64d649eb77d7613a76fc4
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Auttaja
Suspended permanently
10 July 2007 @ 16:26
Stay clean

-> Clear System Restore Instructions
Empty the System Restore folder and create a new restore point. This cleans the restore folder of any remaining malware.

-> Use CCleaner -> CCleaner
Download and install CCleaner. Use it to clean temporary files and folders regularly.

-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing on your computer. It doesn't consume memory!
A guide is available in Finnish! Guide by user Ad-Aware

-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your computer from connecting to malicious sites.
A guide is available in Finnish! Guide by user Axel

-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.

-> Keep your system up to date. -> Windows Update
Visit Windows Update regularly.

-> Keep your firewall and antivirus up to date
Update and scan your computer regularly with your antivirus program.
eScan is also good: http://koti.mbnet.fi/pattaya1/escanmwav.htm

-> Keep your software up to date. -> Secunia Software Inspector
Secunia Software Inspector examines your system and software for missing security updates. A normal inspection usually takes 5-40 seconds, while a thorough system inspection can take several minutes.

-> Regularly follow the Finnish Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI

If you have problems with malware in the future, don't hesitate to post a HijackThis log for checking!
