|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Popuppeja hypppii silmille kokoajan
|
|
Newbie
|
11. heinäkuuta 2007 @ 13:32 |
Linkki tähän viestiin
|
Eli ilmeisesti jonnin sortin pöpö koneessa enkä oikein tiedä mitä tehdä.Avaa ie:l koko ajan jotain sivua. Putsasin ad awarel, spybotil, spyware terminatoril ja avg:l mut silti pysyy kaveri konees. Lueskelin jo läpi vähä et mitä pitäs tehä mut untuvikkona ni pääsin vast toho logiin eli voisko joku olla reilu ja auttaa hieman. Täs HjT logi vai mikä lie.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:01, on 11.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\mapiicon.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Documents and Settings\Emppu\Desktop\nutty.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ssqqomn - ssqqomn.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: NBService - Unknown owner - -C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - -"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
--
End of file - 5443 bytes
hihnakireel 24/7
|
|
Auttaja
Suspended permanently
|
11. heinäkuuta 2007 @ 13:55 |
Linkki tähän viestiin
|
Koitetaa eka tällä
Lataa VundoFix.exe työpöydällesi.
*Tupla-klikkaa VundoFix.exe ajaaksesi sen.
*Klikkaa Scan for Vundo valintaa.
*Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
*Sinulta kysytään haluatko poistaa filut - klikkaa YES.
*Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
*Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
*Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.
sisältö
Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.
=========
1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
==========
myös uusi HJTLogi
|
Newbie
|
11. heinäkuuta 2007 @ 14:08 |
Linkki tähän viestiin
|
hjt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:46, on 11.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\mapiicon.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ssqqomn - ssqqomn.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: NBService - Unknown owner - -C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - -"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
--
End of file - 5432 bytes
vundo:
VundoFix V6.5.4
Checking Java version...
Scan started at 17:59:06 11.7.2007
Listing files found while scanning....
C:\WINDOWS\system32\ssqqomn.dll
Beginning removal...
Performing Repairs to the registry.
Done!
hihnakireel 24/7
|
Newbie
|
11. heinäkuuta 2007 @ 14:16 |
Linkki tähän viestiin
|
combo:
"Emppu" - 2007-07-11 18:09:15 - ComboFix 07-07-10.1 - Service Pack 2
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CORE
-------\asc3550u
-------\core
((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))
2007-07-11 18:08 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 17:59 <DIR> d-------- C:\VundoFix Backups
2007-07-11 00:17 32,866 --a------ C:\WINDOWS\slrundll.exe
2007-07-11 00:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-10 23:46 77,824 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-07-10 23:46 55,888 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-07-10 23:46 18,515 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-07-10 23:46 11,914 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-07-10 23:45 <DIR> d-------- C:\Program Files\Sygate
2007-07-10 23:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-10 21:30 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-07-10 20:12 17,408 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-07-10 20:07 <DIR> d-------- C:\WINDOWS\Web Download
2007-07-08 16:17 <DIR> d-------- C:\Program Files\SopCast
2007-07-08 16:17 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\SopCast
2007-07-05 21:16 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\Logitech
2007-07-05 21:15 78,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-07-05 21:15 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-07-05 21:15 62,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-07-05 21:15 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-07-05 21:15 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-07-05 21:15 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-07-05 21:15 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-07-05 21:14 <DIR> d-------- C:\Program Files\Logitech
2007-07-05 21:14 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-07-05 21:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-07-03 21:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
2007-07-03 21:06 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\Creative
2007-07-03 20:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-07-03 20:50 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-07-03 20:50 <DIR> d-------- C:\Program Files\Audible
2007-07-03 20:47 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2007-07-03 20:47 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2007-07-03 20:46 <DIR> d--h----- C:\Program Files\Creative Installation Information
2007-07-03 20:46 <DIR> d-------- C:\Program Files\Common Files\Creative
2007-07-03 20:42 <DIR> d-------- C:\Program Files\Creative
2007-07-02 19:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-01 17:06 <DIR> d--hs---- C:\$RECYCLE.BIN
2007-07-01 16:34 <DIR> d--hs---- C:\Boot
2007-07-01 13:52 <DIR> d-------- C:\Program Files\Euroword2004
2007-07-01 13:18 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-07-01 13:18 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\Spyware Terminator
2007-07-01 13:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-07-01 13:01 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\Ahead
2007-07-01 13:00 <DIR> d-------- C:\Program Files\Nero
2007-07-01 13:00 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-01 13:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-07-01 12:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-01 12:44 <DIR> d-------- C:\Program Files\Bonjour
2007-07-01 12:33 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-06-30 14:08 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2007-06-30 14:08 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2007-06-30 14:08 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2007-06-30 13:57 172,032 --a------ C:\WINDOWS\system32\nvuaudio.exe
2007-06-30 13:49 <DIR> d-------- C:\Program Files\uTorrent
2007-06-30 13:32 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-30 13:04 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-06-30 13:03 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\SmartFTP
2007-06-30 13:02 <DIR> d-------- C:\Program Files\SmartFTP
2007-06-30 13:01 <DIR> d-------- C:\Program Files\SmartFTP Client Setup Files
2007-06-30 12:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-30 12:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-30 12:56 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-30 12:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-30 12:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-06-30 12:52 <DIR> d-------- C:\Program Files\CyberLink
2007-06-30 12:49 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-30 12:49 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-30 12:49 <DIR> d-------- C:\Program Files\Xvid
2007-06-30 12:28 <DIR> d-------- C:\Program Files\Secway
2007-06-30 12:27 <DIR> d--hs---- C:\RECYCLER
2007-06-30 12:27 <DIR> d-------- C:\DOCUME~1\Emppu\Contacts
2007-06-30 12:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-30 12:22 <DIR> d-------- C:\Program Files\MSN Messenger
2007-06-30 12:01 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\ATI
2007-06-30 11:57 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-06-30 11:57 <DIR> d-------- C:\Program Files\ATI Technologies
2007-06-30 11:13 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-30 11:09 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-06-30 11:08 <DIR> d-------- C:\WINDOWS\ShellNew
2007-06-30 10:45 <DIR> d-------- C:\WINDOWS\provisioning
2007-06-30 10:45 <DIR> d-------- C:\WINDOWS\peernet
2007-06-30 10:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-06-30 10:39 <DIR> d-------- C:\WINDOWS\EHome
2007-06-30 10:26 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2007-06-30 10:26 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe
2007-06-30 10:15 34,321 -ra------ C:\WINDOWS\system32\UInsADSL.exe
2007-06-30 10:15 29,203 -ra------ C:\WINDOWS\system32\NdiNt5.dll
2007-06-30 10:15 211,456 -ra------ C:\WINDOWS\system32\DllMapi8.exe
2007-06-30 10:15 202,240 -ra------ C:\WINDOWS\system32\UnInst.exe
2007-06-30 10:15 147,968 -ra------ C:\WINDOWS\system32\DllMapi7.exe
2007-06-30 10:15 138,752 -ra------ C:\WINDOWS\system32\DllMapi6.exe
2007-06-30 10:15 132,608 -ra------ C:\WINDOWS\system32\DllMapi2.exe
2007-06-30 09:57 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-06-30 09:57 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-06-30 09:57 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-06-30 09:49 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-06-30 09:49 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-06-30 09:49 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-06-30 09:49 404,752 --a------ C:\WINDOWS\system32\javart.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-04 12:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 12:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 12:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:43:44 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-13 00:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-06-14 18:32 509592 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-10 22:44]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2003-10-21 16:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqomn]
ssqqomn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 18:13:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-11 18:15:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-11 18:15
--- E O F ---
hihnakireel 24/7
|
|
Auttaja
Suspended permanently
|
11. heinäkuuta 2007 @ 14:43 |
Linkki tähän viestiin
|
Avaa Notepad ja kopioi/liitä allaolevassa lainausboxissa oleva teksti sinne:
Lainaus:
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqomn]
Tallenna se nimellä CFScript
Sitten raahaa CFScript ComboFix.exeen kuten alla.
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
======'
Laita myös uusi hijackthislogi ja kerro tuleeko viel popuppeja nii jatketaa.
|
Newbie
|
11. heinäkuuta 2007 @ 14:53 |
Linkki tähän viestiin
|
ei pyytän boottaa ni en si bootant.
combo2:
"Emppu" - 2007-07-11 18:09:15 - ComboFix 07-07-10.1 - Service Pack 2
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CORE
-------\asc3550u
-------\core
((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))
2007-07-11 18:08 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 17:59 <DIR> d-------- C:\VundoFix Backups
2007-07-11 00:17 32,866 --a------ C:\WINDOWS\slrundll.exe
2007-07-11 00:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-10 23:46 77,824 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-07-10 23:46 55,888 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-07-10 23:46 18,515 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-07-10 23:46 11,914 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-07-10 23:45 <DIR> d-------- C:\Program Files\Sygate
2007-07-10 23:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-10 21:30 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-07-10 20:12 17,408 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-07-10 20:07 <DIR> d-------- C:\WINDOWS\Web Download
2007-07-08 16:17 <DIR> d-------- C:\Program Files\SopCast
2007-07-08 16:17 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\SopCast
2007-07-05 21:16 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\Logitech
2007-07-05 21:15 78,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-07-05 21:15 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-07-05 21:15 62,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-07-05 21:15 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-07-05 21:15 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-07-05 21:15 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-07-05 21:15 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-07-05 21:14 <DIR> d-------- C:\Program Files\Logitech
2007-07-05 21:14 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-07-05 21:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-07-03 21:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
2007-07-03 21:06 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\Creative
2007-07-03 20:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-07-03 20:50 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-07-03 20:50 <DIR> d-------- C:\Program Files\Audible
2007-07-03 20:47 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2007-07-03 20:47 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2007-07-03 20:46 <DIR> d--h----- C:\Program Files\Creative Installation Information
2007-07-03 20:46 <DIR> d-------- C:\Program Files\Common Files\Creative
2007-07-03 20:42 <DIR> d-------- C:\Program Files\Creative
2007-07-02 19:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-01 17:06 <DIR> d--hs---- C:\$RECYCLE.BIN
2007-07-01 16:34 <DIR> d--hs---- C:\Boot
2007-07-01 13:52 <DIR> d-------- C:\Program Files\Euroword2004
2007-07-01 13:18 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-07-01 13:18 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\Spyware Terminator
2007-07-01 13:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-07-01 13:01 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\Ahead
2007-07-01 13:00 <DIR> d-------- C:\Program Files\Nero
2007-07-01 13:00 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-01 13:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-07-01 12:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-01 12:44 <DIR> d-------- C:\Program Files\Bonjour
2007-07-01 12:33 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-06-30 14:08 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2007-06-30 14:08 122 -ra------ C:\WINDOWS\system32\drivers\ramsed.bin
2007-06-30 14:08 1,024 -ra------ C:\WINDOWS\system32\drivers\jedih2rx.bin
2007-06-30 13:57 172,032 --a------ C:\WINDOWS\system32\nvuaudio.exe
2007-06-30 13:49 <DIR> d-------- C:\Program Files\uTorrent
2007-06-30 13:32 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-06-30 13:04 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-06-30 13:03 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\SmartFTP
2007-06-30 13:02 <DIR> d-------- C:\Program Files\SmartFTP
2007-06-30 13:01 <DIR> d-------- C:\Program Files\SmartFTP Client Setup Files
2007-06-30 12:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-30 12:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-30 12:56 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-30 12:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-30 12:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-06-30 12:52 <DIR> d-------- C:\Program Files\CyberLink
2007-06-30 12:49 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-30 12:49 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-30 12:49 <DIR> d-------- C:\Program Files\Xvid
2007-06-30 12:28 <DIR> d-------- C:\Program Files\Secway
2007-06-30 12:27 <DIR> d--hs---- C:\RECYCLER
2007-06-30 12:27 <DIR> d-------- C:\DOCUME~1\Emppu\Contacts
2007-06-30 12:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-30 12:22 <DIR> d-------- C:\Program Files\MSN Messenger
2007-06-30 12:01 <DIR> d-------- C:\DOCUME~1\Emppu\APPLIC~1\ATI
2007-06-30 11:57 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-06-30 11:57 <DIR> d-------- C:\Program Files\ATI Technologies
2007-06-30 11:13 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-30 11:09 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-06-30 11:08 <DIR> d-------- C:\WINDOWS\ShellNew
2007-06-30 10:45 <DIR> d-------- C:\WINDOWS\provisioning
2007-06-30 10:45 <DIR> d-------- C:\WINDOWS\peernet
2007-06-30 10:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-06-30 10:39 <DIR> d-------- C:\WINDOWS\EHome
2007-06-30 10:26 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2007-06-30 10:26 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe
2007-06-30 10:15 34,321 -ra------ C:\WINDOWS\system32\UInsADSL.exe
2007-06-30 10:15 29,203 -ra------ C:\WINDOWS\system32\NdiNt5.dll
2007-06-30 10:15 211,456 -ra------ C:\WINDOWS\system32\DllMapi8.exe
2007-06-30 10:15 202,240 -ra------ C:\WINDOWS\system32\UnInst.exe
2007-06-30 10:15 147,968 -ra------ C:\WINDOWS\system32\DllMapi7.exe
2007-06-30 10:15 138,752 -ra------ C:\WINDOWS\system32\DllMapi6.exe
2007-06-30 10:15 132,608 -ra------ C:\WINDOWS\system32\DllMapi2.exe
2007-06-30 09:57 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-06-30 09:57 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-06-30 09:57 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-06-30 09:49 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-06-30 09:49 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-06-30 09:49 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-06-30 09:49 404,752 --a------ C:\WINDOWS\system32\javart.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-04 12:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 12:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 12:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:43:44 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-13 00:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-06-14 18:32 509592 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-10 22:44]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2003-10-21 16:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqomn]
ssqqomn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 18:13:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-11 18:15:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-11 18:15
--- E O F ---
hjt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:11, on 11.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\mapiicon.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: NBService - Unknown owner - -C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - -"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
--
End of file - 5182 bytes
hihnakireel 24/7
|
Newbie
|
11. heinäkuuta 2007 @ 15:03 |
Linkki tähän viestiin
|
|
parin minuutin pörräyksen jälkee näyttäs toimivan ihan ok. Ei oo popuppeja näkynnä tai sit non vaa piilos viel..
hihnakireel 24/7
|
|
Auttaja
Suspended permanently
|
11. heinäkuuta 2007 @ 15:03 |
Linkki tähän viestiin
|
==========
Tarkista koneesi F-Securen online skannerilla
Huom, skanneri toimii vain Internet Explorer selaimella
* Lue sivun ohjeet huolella läpi
* Klikkaa Start scanning
* Mikäli saat Internet Explorer -suojausvaroituksen, klikkaa Asenna
* Klikkaa Accept
* Klikkaa Custom Scan
* Säädä asetukset seuraavasti
o "Virus Scan Option" kohdasta valitse Scan whole system
o "Other Scan Option" kohdasta valitse Scan All Files
o Valitse Scan whole system for rootkits
o Valitse Scan whole system for spyware
o Laita ruksi kohtaan Scan inside archives
o Varmista että Use advanced heuristics on valittuna
* Klikkaa Start
* Skannaus käynnistyy kun tarvittavat tiedostot/päivitykset on ladattu
* Odota kärsivällisesti
* Kun sakannaus on suoritettu, klikkaa Automatic cleaning
* Klikkaa Show Report
* Raportti aukeaa selaimessa, kopioi teksti kokonaan
* Liitä kopioitu teksti esim. muistioon tai Wordiin ja tallenna työpöydälle
* Voit sulkea skannerin
* Lähetä raportti viestiketjuusi
==========
Tämä jos tunnet tietokoneesi olevan hitaan puoleinen, etkä ole eheyttänyt pitkään aikaan:
Avaa Oma tietokone
-> Tee seuraava toimenpide kaikille Paikallisille levyille
==========
Lataa CCleaner ja asenna se:
Avaa "Options", sieltä "Language" ja valitse "Suomi (Finnish)"
Avaa "Virheet" kohta, paina "Etsi rekisterin virheitä", paina "Korjaa valitut rekisterin virheet..". Paina "Kyllä", kun ohjelma kysyy "Haluatko varmuuskopioida muutokset rekisteriin", tallenna tiedosto esim. työpöydälle.
Avaa "Puhdistaja", paina "Tutki" ja tämän jälkeen "Aja Ccleaner". Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.
==========
Jos sinulla ei ole tätä java versiota (6.2): Vanha java saastuttaa helposti koneesi!
Javan päivitys ja välimuistin tyhjennys:
1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä: 
3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:
http://java.sun.com/javase/downloads/index.jsp
tai http://www.filehippo.com/download_java_runtime/
Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u2
Paina Download
Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.
(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).
8. Varmista että kaikki kaksi valintaa ovat rastitettuja:
*Applications and Applets
*Trace and Log Files
Ja paina OK -nappia
9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Klikkaa OK jättääksesi Java asetusikkunasi.
==========
Uusi Hijackthislogi ja f-securen raportti.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 11. heinäkuuta 2007 @ 15:04
|
Newbie
|
11. heinäkuuta 2007 @ 19:30 |
Linkki tähän viestiin
|
f-secure:
Scanning Report
Wednesday, July 11, 2007 19:11:40 - 23:18:21
Computer name: EIGHTBAL
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\ I:\
Result: 6 malware found
Rootkit.Win32.Agent.eq (virus)
* C:\QooBox\Quarantine\catchme2007-07-11_181309.10.zip\core.sys
Tracking Cookie (spyware)
* System (Disinfected)
Trojan-Downloader.Win32.Agent.aqi (virus)
* C:\WINDOWS\system32\dxdllreg.exe (Renamed & Submitted)
* C:\WINDOWS\system32\dxdllreg.exe~ (Renamed & Submitted)
W32/Agent.BVGJ (virus)
* D:\Softat sun muu h?rp?ke\10054_vista.zip\10054_vista.exe
W32/Suspicious_F.gen (virus)
* E:\__software\_MISC\Easy_CD-DA_Extractor_v6[1].20_by_DiGENiTY.zip\ezcddax620kg.exe
Statistics
Scanned:
* Files: 224561
* System: 4117
* Not scanned: 160
Actions:
* Disinfected: 1
* Renamed: 2
* Deleted: 0
* None: 3
* Submitted: 2
Files not scanned:
H
Options
Scanning engines:
* F-Secure Libra: 2.4.2, 2007-07-11
* F-Secure AVP: 7.0.171, 2007-07-11
* F-Secure Orion: 1.2.37, 2007-07-11
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0260-23-12
* F-Secure Pegasus: 1.19.0, 2007-06-10
Scanning options:
* Scan all files
* Scan inside archives
* Use Advanced heuristics
hjt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:48, on 11.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\mapiicon.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: NBService - Unknown owner - -C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - -"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
--
End of file - 5247 bytes
hihnakireel 24/7
|
|
Auttaja
Suspended permanently
|
11. heinäkuuta 2007 @ 19:40 |
Linkki tähän viestiin
|
Moron!
C:\WINDOWS\system32\appmgmt
Poista toi kansio, Laita piilotiedostot näkyviin ja poiston jälkeen piiloon takaisin
Pysy puhtaana
-> Tyhjennä järjestelmänpalautus Ohjeet
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.
-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.
-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas
-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin.
Opas saatavilla suomeksi! Nimimerkki Axelin opas
-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.
-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti.
-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.
ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm
->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.
->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI
Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa HijackThis-logia tarkistettavaksi!
|
Newbie
|
13. heinäkuuta 2007 @ 03:27 |
Linkki tähän viestiin
|
huomenta prkl
toimii ja toimii. Ollaan päästy siihen pisteeseen et tein kaiken mitä piti mut nyt sit joka kerta ku käynnistän koneen ni ilmottaa et "new version notification" koskien sygaten palomuuria. sitku meen linkist eteenpäin ni pomppaa symanteci sivulle ja ilmoo erroria. Enempää en oo ees testannu konetta ku palo het käämit.
hjt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:13, on 13.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\mapiicon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: NBService - Unknown owner - -C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - -"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
--
End of file - 5289 bytes
hihnakireel 24/7
|
|
Mainos
|
|
|
|
Auttaja
Suspended permanently
|
13. heinäkuuta 2007 @ 12:31 |
Linkki tähän viestiin
|
Jepjep, poista kaikki sygatet ohjauspaneelista, aja ccleaner ja asenna sygaten uusin versio.
|
|
