|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
HJT-loki
|
|
|
jaeskol
Newbie
|
7. elokuuta 2007 @ 07:51 |
Linkki tähän viestiin
|
W32.Myzor.FK@yf
Kesänloman vietossa vanhempien luona huomasin, että isukin kone yskii pahemman kerran. Pahinta ongelmaa ovat pop-upit, jotka suljettuaan saa sulkea uutta pientä ikkunaa "asD", jossa ainoana vaihtoehtona "release" ja "ok". Myös kotisivuna uppo-outo ilmestys ja selaimessa vielä ylimääräinen "security toolbar 7.1", joka ei lähde kirveelläkään. Lisäksi ruudun oikessa alareunassa varoitellaan kaikennäköistä, mm. "system alert: malware threats"
Tein HJT skannauksen ja loki olisi tässä:
Logfile of HijackThis v1.99.1
Scan saved at 11:49:38, on 7.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uusikaupunki.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C7E3147899AA6A2A1FBB39BFE4976E26CAEDDA7C5C7842213DC6C3 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c0059240.dat
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZSzim029YYFI
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00BA76F.dat
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
boludo
|
|
Auttaja
Suspended permanently
|
7. elokuuta 2007 @ 15:09 |
Linkki tähän viestiin
|
alotetaan täll
Lataa SmitfraudFix (by S!Ri) työpöydällesi.
Tuplaklikkaa tiedostoa SmitfraudFix.exe
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.
**Jos työkalu ei käynnisty työpöydältä niin siirrä SmitfraudFix.exe suoraan järjestelmäaseman juureen (yleensä C:). Kokeile sitten käynnistää ohjelma uudestaan sieltä.
Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
==========
Printtaa ohjeet ulos tai tallenna nämä tekstitiedostoon.
Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.
Kun vikasietotilassa, tuplaklikkaa tiedostoa SmitfraudFix.exe
Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.
Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.
Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".
Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.
==========
Laita molempien kohtien lokit, myös uusi HJTlogi
|
|
jaeskol
Newbie
|
7. elokuuta 2007 @ 16:55 |
Linkki tähän viestiin
|
Kiitoksia! Pääsin alkuun, mutta ongelmat jatkuvat. Eli hiiri ei vikasietotilassa suostu toimimaan. sain näppäilemillä viiden yrityksen jälkeen smitfraudFixin toimimaan, mutten enää onnistunut kopioimaan raporttia, joten koko homma jäi kesken. Eli millä saisin hiireni toimimaan vikasietotilassa? Myös tuo edellä oleva osa ohjeistasi jäi näin maallikolle vähän epäselväksi:
"Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.
http://www.beyondlogic.org/consulting/pr...rocessutil.htm"
boludo
|
|
Auttaja
Suspended permanently
|
7. elokuuta 2007 @ 17:04 |
Linkki tähän viestiin
|
Eli.. Toi loppupätkä on merkityksetön ellei antivirus ohjelmasi valita siitä.. Voi olla että hiiren tarvitsemat ohjelmat ei avaudu vikasietotilassa...
Eli.. Aja toi option #2 normaalitilassa ja laita logi siitä.. Ei luultavasti poista kokonaan mutta jatkellaan sitten.. eli se #2 logi ja uusi hijackthis logi.. seuraavaan vastaukseen
|
|
jaeskol
Newbie
|
7. elokuuta 2007 @ 17:21 |
Linkki tähän viestiin
|
Tässä lokit:
SmitfraudFix:
SmitFraudFix v2.209
Scan done at 21:12:27,64, ti 07.08.2007
Run from C:\Documents and Settings\Pekka\Ty?p?yt?\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c4da240e-7525-404a-b366-f50a422376d8}"="arouse"
[HKEY_CLASSES_ROOT\CLSID\{c4da240e-7525-404a-b366-f50a422376d8}\InProcServer32]
@="C:\WINDOWS\system32\eigbbb.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{c4da240e-7525-404a-b366-f50a422376d8}\InProcServer32]
@="C:\WINDOWS\system32\eigbbb.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: 3Com Gigabit LOM (3C940) - Paketinajoituksen miniportti
DNS Server Search Order: 83.146.224.3
DNS Server Search Order: 83.146.224.4
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9C66A3FE-36D2-472B-B14D-B0D24A8453C2}: DhcpNameServer=83.146.224.3 83.146.224.4
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9C66A3FE-36D2-472B-B14D-B0D24A8453C2}: DhcpNameServer=83.146.224.3 83.146.224.4
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9C66A3FE-36D2-472B-B14D-B0D24A8453C2}: DhcpNameServer=83.146.224.3 83.146.224.4
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=83.146.224.3 83.146.224.4
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=83.146.224.3 83.146.224.4
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=83.146.224.3 83.146.224.4
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c4da240e-7525-404a-b366-f50a422376d8}"="arouse"
[HKEY_CLASSES_ROOT\CLSID\{c4da240e-7525-404a-b366-f50a422376d8}\InProcServer32]
@="C:\WINDOWS\system32\eigbbb.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{c4da240e-7525-404a-b366-f50a422376d8}\InProcServer32]
@="C:\WINDOWS\system32\eigbbb.dll"
»»»»»»»»»»»»»»»»»»»»»»»» End
ja HJT:
Logfile of HijackThis v1.99.1
Scan saved at 21:16:22, on 7.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C7E3147899AA6A2A1FBB39BFE4976E26CAEDDA7C5C7842213DC6C3 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c0059240.dat
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZSzim029YYFI
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00BA76F.dat
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
boludo
|
|
Auttaja
Suspended permanently
|
7. elokuuta 2007 @ 18:22 |
Linkki tähän viestiin
|
Poista ohjauspaneelin lisää/poista sovelluksen kautta
seekmo
mywebseach
drive cleaner
========
Avaa hijackthis merkkaa seuraavat rivi(t) ja paina fix checked, sulje muut ohjelmat siksi aikaa.
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C7E3147899AA6A2A1FBB39BFE4976E26CAEDDA7C5C7842213DC6C3 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c0059240.dat
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZSzim029YYFI
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00BA76F.dat
Tässä ohje miten merkataan:
========
Lataa RogueRemover
(tai tästä)
Tallenna rr-free-setup.exe työpöydällesi.
Klikkaa rr-free-setup.exe aloittaksesi ohjelman asennuksen
*Klikkaa Next ja sitten I agree ja lopuksi Install
*Ota rasti pois Show Readme edestä ja paina Finish
*Tämä käynnistää RogueRemover-ohjelman
*Sulje Help- kkunan
*Paina Check for updates
*Jos on uusia päivityksiä saatavilla, paina Download
*Odota, että ohjelma lataa ja asentaa uudet päivitykset,kun valmis paina Close päivitysikkunassa
*Paina Scan
*Jos ei mitään löytynyt ,sulje RogueRemover
*Jos RogueRemover löysi jotain, niin se esittelee listan löydetyistä tiedostoista
*Paina Save log
*Paina OK ponnahdusikkunassa
*Paina Remove selected
*Paina YES ponnahdusikkunassa
*Odota että ohjelma suorittaa tiedostojen poistoa loppuun,sen jälkeen sulje RogueRemover
*Käytä muistiota (Notepad) avataaksesi tämän tiedoston
C:\Program Files\RogueRemover\RRLog******.txt
Huom: ****** on aika kun ajoit RogueRemoverin
Lähetä tämä loki tiedosto viestiketjuusi
========
1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
==========
eli combon ja rremoverin logi
|
|
jaeskol
Newbie
|
7. elokuuta 2007 @ 18:50 |
Linkki tähän viestiin
|
|
En löytänyt ko. ohjelmia "lisää tai poista sovellus"-kautta.
boludo
|
|
Auttaja
Suspended permanently
|
7. elokuuta 2007 @ 19:00 |
Linkki tähän viestiin
|
|
ei hätää jatka vaan ohjeita sitten etiäpäin.
|
|
jaeskol
Newbie
|
7. elokuuta 2007 @ 19:10 |
Linkki tähän viestiin
|
Eipä suostu poistamaan tuota lista viimeistä. Ajattelin vielä kysäistä sulta ensin, ennen kuin Merijniltä :)! Oliko tuossa muuten väliä suorittiko skannauksen backupilla vai ilman?
An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00BA76F.dat)
Error #5 - Invalid procedure call or argument
Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible
Windows version: Windows NT 5.01.2600
MSIE version: 7.0.5730.11
HijackThis version: 1.99.1
This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
boludo
|
|
jaeskol
Newbie
|
7. elokuuta 2007 @ 19:25 |
Linkki tähän viestiin
|
Jatkoin silti eteen päin ohjeita, eikä rremover löytänyt mitään.
combon loki on tässä:
ComboFix 07-08-04.3 - "Pekka" 2007-08-07 23:18:12.1 [GMT 3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.Tosi
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\Pekka\TYPYT~1.\internet explorer.lnk
C:\Program Files\VirusProtectPro 3.6
C:\Program Files\VirusProtectPro 3.6\VirusProtectPro 3.6.exe
C:\WINDOWS\system32\f3PSSavr.scr
((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))
2007-08-07 23:17 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 23:12 d-------- C:\Program Files\RogueRemover FREE
2007-08-07 21:28 d-------- C:\WINDOWS\pss
2007-08-07 20:40 d-------- C:\Program Files\SmitfraudFix
2007-08-07 19:58 3,788 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-07 17:23 524,288 --ah----- C:\DOCUME~1\JRJEST~1\NTUSER.DAT
2007-08-07 17:23 dr------- C:\DOCUME~1\JRJEST~1\K?ynnist?-valikko
2007-08-07 17:23 d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp?rist?
2007-08-07 17:23 d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp?rist?
2007-08-07 17:23 d--h----- C:\DOCUME~1\JRJEST~1\Mallit
2007-08-07 17:23 d-------- C:\DOCUME~1\JRJEST~1\Ty?p?yt?
2007-08-07 17:23 d-------- C:\DOCUME~1\JRJEST~1\Suosikit
2007-08-07 11:31 d-------- C:\Program Files\XoftSpySE
2007-08-07 04:00 d-------- C:\HijackThis
2007-08-07 03:29 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-08-07 03:29 d-------- C:\Program Files\Common Files\DriveCleaner Freeware
2007-08-07 02:21 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-07 02:20 80,895 --a------ C:\WINDOWS\system32\__c00BA76F.dat
2007-08-07 02:20 69,120 --a------ C:\WINDOWS\system32\__c0059240.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-07 23:01 --------- d-------- C:\DOCUME~1\Pekka\APPLIC~1\Skype
2007-08-07 20:46 --------- d-------- C:\Program Files\lg_fwupdate
2007-07-11 17:07 --------- d-------- C:\DOCUME~1\Pekka\APPLIC~1\AdobeUM
2007-05-16 18:14 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 11:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2006-07-20 10:47 20328 --a------ C:\DOCUME~1\Pekka\APPLIC~1\GDIPFONTCACHEV1.DAT
2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-04-04 13:38]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-04-04 13:56]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-06-06 11:52]
"B'sCLiP"="C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe" [2003-11-05 05:38]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 07:00]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-16 20:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:34]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-08-10 10:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 12:21]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c4da240e-7525-404a-b366-f50a422376d8}"= C:\WINDOWS\system32\eigbbb.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00BA76F.dat
R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R2 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
R2 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\system32\drivers\BsUDF.sys
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
R2 FSpm;F-Secure Policy Manager;\??\C:\Program Files\F-Secure\Common\FSPM.SYS
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R3 EL2000;3Com 3C2000x EtherLink XL Adapter;C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys
R3 sermouse;Serial Mouse Driver;C:\WINDOWS\system32\DRIVERS\sermouse.sys
S3 BS_DEF;BS_DEF;\??\C:\WINDOWS\system32\drivers\BS_DEF.sys
S3 MidiSyn;MidiSyn;C:\WINDOWS\system32\drivers\MidiSyn.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
Contents of the 'Scheduled Tasks' folder
2007-08-07 19:47:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 23:19:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xb9m\xd3w\2]
"AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-07 23:20:48
C:\ComboFix-quarantined-files.txt ... 2007-08-07 23:20
--- E O F ---
boludo
|
|
Auttaja
Suspended permanently
|
7. elokuuta 2007 @ 20:34 |
Linkki tähän viestiin
|
Avaa Notepad ja kopioi/liitä allaolevassa lainausboxissa oleva teksti sinne:
Lainaus:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c4da240e-7525-404a-b366-f50a422376d8}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
File::
C:\WINDOWS\system32\__c00BA76F.dat
C:\WINDOWS\system32\__c0059240.dat
C:\WINDOWS\system32\eigbbb.dll
Folder::
C:\Program Files\Common Files\DriveCleaner Freeware
Tallenna se nimellä CFScript (Tarkista että on juuri noin kirjoitettu)
Sitten raahaa CFScript ComboFix.exeen kuten alla.
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
|
|
jaeskol
Newbie
|
7. elokuuta 2007 @ 20:43 |
Linkki tähän viestiin
|
ComboFix 07-08-04.3 - "Pekka" 2007-08-08 0:38:53.2 [GMT 3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.Tosi
Command switches used :: C:\ComboFix\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))
2007-08-07 23:17 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 23:12 d-------- C:\Program Files\RogueRemover FREE
2007-08-07 21:28 d-------- C:\WINDOWS\pss
2007-08-07 20:40 d-------- C:\Program Files\SmitfraudFix
2007-08-07 19:58 3,788 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-07 17:23 524,288 --ah----- C:\DOCUME~1\JRJEST~1\NTUSER.DAT
2007-08-07 17:23 dr------- C:\DOCUME~1\JRJEST~1\K?ynnist?-valikko
2007-08-07 17:23 d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp?rist?
2007-08-07 17:23 d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp?rist?
2007-08-07 17:23 d--h----- C:\DOCUME~1\JRJEST~1\Mallit
2007-08-07 17:23 d-------- C:\DOCUME~1\JRJEST~1\Ty?p?yt?
2007-08-07 17:23 d-------- C:\DOCUME~1\JRJEST~1\Suosikit
2007-08-07 11:31 d-------- C:\Program Files\XoftSpySE
2007-08-07 04:00 d-------- C:\HijackThis
2007-08-07 03:29 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-08-07 03:29 d-------- C:\Program Files\Common Files\DriveCleaner Freeware
2007-08-07 02:21 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-07 02:20 80,895 --a------ C:\WINDOWS\system32\__c00BA76F.dat
2007-08-07 02:20 69,120 --a------ C:\WINDOWS\system32\__c0059240.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-07 23:49 --------- d-------- C:\DOCUME~1\Pekka\APPLIC~1\Skype
2007-08-07 20:46 --------- d-------- C:\Program Files\lg_fwupdate
2007-07-11 17:07 --------- d-------- C:\DOCUME~1\Pekka\APPLIC~1\AdobeUM
2007-05-16 18:14 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 11:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2006-07-20 10:47 20328 --a------ C:\DOCUME~1\Pekka\APPLIC~1\GDIPFONTCACHEV1.DAT
2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-04-04 13:38]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-04-04 13:56]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-06-06 11:52]
"B'sCLiP"="C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe" [2003-11-05 05:38]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 07:00]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-16 20:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:34]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-08-10 10:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 12:21]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c4da240e-7525-404a-b366-f50a422376d8}"= C:\WINDOWS\system32\eigbbb.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00BA76F.dat
R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R2 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
R2 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\system32\drivers\BsUDF.sys
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
R2 FSpm;F-Secure Policy Manager;\??\C:\Program Files\F-Secure\Common\FSPM.SYS
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R3 EL2000;3Com 3C2000x EtherLink XL Adapter;C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys
R3 sermouse;Serial Mouse Driver;C:\WINDOWS\system32\DRIVERS\sermouse.sys
S3 BS_DEF;BS_DEF;\??\C:\WINDOWS\system32\drivers\BS_DEF.sys
S3 MidiSyn;MidiSyn;C:\WINDOWS\system32\drivers\MidiSyn.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
*Newly Created Service* - CATCHME
Contents of the 'Scheduled Tasks' folder
2007-08-07 20:47:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 00:40:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xb9m\xd3w\2]
"AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-08 0:41:33
C:\ComboFix-quarantined-files.txt ... 2007-08-08 00:41
C:\ComboFix2.txt ... 2007-08-07 23:20
--- E O F ---
boludo
|
|
Auttaja
Suspended permanently
|
7. elokuuta 2007 @ 21:02 |
Linkki tähän viestiin
|
|
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c4da240e-7525-404a-b366-f50a422376d8}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
File::
C:\WINDOWS\system32\__c00BA76F.dat
C:\WINDOWS\system32\__c0059240.dat
C:\WINDOWS\system32\eigbbb.dll
Folder::
C:\Program Files\Common Files\DriveCleaner Freeware
Lukiko noin tuon cfscriptin sisällä, yrittäisitkö vielä uudestaan... jos ei onnistu näin nii koitetaa sitte vähän pitempää tapaa..
|
|
jaeskol
Newbie
|
7. elokuuta 2007 @ 21:26 |
Linkki tähän viestiin
|
uusi yritys ja tässä tulos:
ComboFix 07-08-04.3 - "Pekka" 2007-08-08 1:18:24.3 [GMT 3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.Tosi
Command switches used :: C:\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\DriveCleaner Freeware
C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe
C:\WINDOWS\system32\__c0059240.dat
C:\WINDOWS\system32\__c00BA76F.dat
((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))
2007-08-07 23:17 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 23:12 d-------- C:\Program Files\RogueRemover FREE
2007-08-07 21:28 d-------- C:\WINDOWS\pss
2007-08-07 20:40 d-------- C:\Program Files\SmitfraudFix
2007-08-07 19:58 3,788 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-07 17:23 524,288 --ah----- C:\DOCUME~1\JRJEST~1\NTUSER.DAT
2007-08-07 17:23 dr------- C:\DOCUME~1\JRJEST~1\K?ynnist?-valikko
2007-08-07 17:23 d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp?rist?
2007-08-07 17:23 d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp?rist?
2007-08-07 17:23 d--h----- C:\DOCUME~1\JRJEST~1\Mallit
2007-08-07 17:23 d-------- C:\DOCUME~1\JRJEST~1\Ty?p?yt?
2007-08-07 17:23 d-------- C:\DOCUME~1\JRJEST~1\Suosikit
2007-08-07 11:31 d-------- C:\Program Files\XoftSpySE
2007-08-07 04:00 d-------- C:\HijackThis
2007-08-07 03:29 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-08-07 02:21 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-08 01:21 --------- d-------- C:\Program Files\lg_fwupdate
2007-08-08 01:19 --------- d-------- C:\DOCUME~1\Pekka\APPLIC~1\Skype
2007-07-11 17:07 --------- d-------- C:\DOCUME~1\Pekka\APPLIC~1\AdobeUM
2007-05-16 18:14 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 11:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2006-07-20 10:47 20328 --a------ C:\DOCUME~1\Pekka\APPLIC~1\GDIPFONTCACHEV1.DAT
2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-04-04 13:38]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-04-04 13:56]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-06-06 11:52]
"B'sCLiP"="C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe" [2003-11-05 05:38]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 07:00]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-16 20:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:34]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-08-10 10:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 12:21]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04]
R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R2 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
R2 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\system32\drivers\BsUDF.sys
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
R2 FSpm;F-Secure Policy Manager;\??\C:\Program Files\F-Secure\Common\FSPM.SYS
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R3 EL2000;3Com 3C2000x EtherLink XL Adapter;C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys
R3 sermouse;Serial Mouse Driver;C:\WINDOWS\system32\DRIVERS\sermouse.sys
S3 BS_DEF;BS_DEF;\??\C:\WINDOWS\system32\drivers\BS_DEF.sys
S3 MidiSyn;MidiSyn;C:\WINDOWS\system32\drivers\MidiSyn.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
Contents of the 'Scheduled Tasks' folder
2007-08-07 21:47:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 01:21:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xb9m\xd3w\2]
"AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-08 1:23:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-08 01:23
C:\ComboFix2.txt ... 2007-08-08 00:41
C:\ComboFix3.txt ... 2007-08-07 23:20
--- E O F ---
boludo
|
|
Auttaja
Suspended permanently
|
8. elokuuta 2007 @ 09:35 |
Linkki tähän viestiin
|
Skannaa koneesi Ewido Online Scannerilla
* Lataa Ewido_micro.exe tästä.
* Tallenna tiedosto esimerkiksi työpöydälle.
* Tuplaklikkaa Ewido_micro.exeä työpöydälläsi.
* Ewido alkaa samantien päivittämään tunnisteitaan. Tässä voi mennä hetki.
* Kun päivitykset on ladattu, varmista että kaikki kohdat ovat rastitettuja ikkunan vasemmassa laidassa.
* Klikkaa vasemmalla alhaalla olevaa Start Scan -nappia.
* Scannaus alkaa. Tässä voi kestää jonkun aikaa, riippuen tiedostojen määrästä.
* Kun skannaus on valmis ja löytyneitä kohteita on, niin varmista, että kaikkien kohteiden vasemmalla puolella olevissa kohdissa on rastit.
* Klikkaa Save report -nappia ja tallenna raportti vaikka työpöydälle.
* Klikkaa Remove Infections -nappia.
* Kun vastaat aukeavaan ilmoitukseen ok, niin kaikki saastuneet tiedostot poistetaan.
* Poiston jälkeen voit sammuttaa Ewido Online Scannerin painamalla yläkulmassa olevaa punaista rastia.
* Käynnistä kone nyt uudelleen ja postita tallentamasi raportti viestiketjuusi
==========
Loistava ohje tietokoneeen nopeuttamiseksi
http://neko.1g.fi/ohje/hidastelua.html
==========
Jos sinulla ei ole tätä java versiota (6.2): Vanha java saastuttaa helposti koneesi!
Javan päivitys ja välimuistin tyhjennys:
1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä: 
3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:
http://java.sun.com/javase/downloads/index.jsp
tai http://www.filehippo.com/download_java_runtime/
Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u2
Paina Download
Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.
(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).
8. Varmista että kaikki kaksi valintaa ovat rastitettuja:
*Applications and Applets
*Trace and Log Files
Ja paina OK -nappia
9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Klikkaa OK jättääksesi Java asetusikkunasi.
==========
Lataa Deckard's System Scanner Työpöydällesi.
Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.
[*]Sulje kaikki avoimet ikkunat ja ohjelmat.
[*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
[*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
[*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
[*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.
ja ewido online skannerin raportti
|
|
jaeskol
Newbie
|
8. elokuuta 2007 @ 12:55 |
Linkki tähän viestiin
|
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\Pekka\Cookies\pekka@advertising[1].txt
Risk: Medium
Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Pekka\Cookies\pekka@doubleclick[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Pekka\Cookies\pekka@msnportal.112.2o7[1].txt
Risk: Medium
Name: TrackingCookie.Statistik-gallup
Path: C:\Documents and Settings\Pekka\Cookies\pekka@statistik-gallup[1].txt
Risk: Medium
Name: TrackingCookie.Tradedoubler
Path: C:\Documents and Settings\Pekka\Cookies\pekka@tradedoubler[1].txt
Risk: Medium
Name: Adware.Generic
Path: HKU\S-1-5-21-507921405-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4}
Risk: Medium
Name: Adware.Generic
Path: HKU\S-1-5-21-507921405-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
Risk: Medium
Name: Adware.Generic
Path: HKU\S-1-5-21-507921405-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2595F37-48D0-46A1-9B51-478591A97764}
Risk: Medium
Name: Not-A-Virus.Exploit.Java.Gimsh.a
Path: C:\Documents and Settings\Pekka\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-3f551d86-13789133.class
Risk: Low
Name: Adware.SpywareQuake
Path: C:\Documents and Settings\Pekka\Työpöytä\SpyQuake2.com\Spy-Quake2.exe
Risk: Medium
Name: Adware.180Solutions
Path: C:\System Volume Information\_restore{0B33ED08-A985-44C1-971B-BD05CBC5A8F6}\RP202\A0032823.exe
Risk: Medium
Name: Adware.Zango
Path: C:\System Volume Information\_restore{0B33ED08-A985-44C1-971B-BD05CBC5A8F6}\RP202\A0032824.dll
Risk: Medium
Name: Adware.180Solutions
Path: C:\System Volume Information\_restore{0B33ED08-A985-44C1-971B-BD05CBC5A8F6}\RP203\A0032838.exe
Risk: Medium
Name: Adware.Zango
Path: C:\System Volume Information\_restore{0B33ED08-A985-44C1-971B-BD05CBC5A8F6}\RP203\A0032839.dll
Risk: Medium
Name: Dropper.Small
Path: C:\System Volume Information\_restore{0B33ED08-A985-44C1-971B-BD05CBC5A8F6}\RP215\A0034705.exe
Risk: High
Name: Adware.HotBar
Path: C:\System Volume Information\_restore{0B33ED08-A985-44C1-971B-BD05CBC5A8F6}\RP238\A0041933.dll
Risk: Medium
Name: Adware.Hotbar
Path: C:\System Volume Information\_restore{0B33ED08-A985-44C1-971B-BD05CBC5A8F6}\RP238\A0041935.exe
Risk: Medium
Name: Adware.HotBar
Path: C:\System Volume Information\_restore{0B33ED08-A985-44C1-971B-BD05CBC5A8F6}\RP238\A0041936.dll
Risk: Medium
Name: Adware.HotBar
Path: C:\System Volume Information\_restore{0B33ED08-A985-44C1-971B-BD05CBC5A8F6}\RP238\A0041938.dll
Risk: Medium
Name: Adware.HotBar
Path: C:\System Volume Information\_restore{0B33ED08-A985-44C1-971B-BD05CBC5A8F6}\RP238\A0041956.dll
Risk: Medium
Name: Adware.Hotbar
Path: C:\System Volume Information\_restore{0B33ED08-A985-44C1-971B-BD05CBC5A8F6}\RP238\A0041958.dll
Risk: Medium
Name: Not-A-Virus.Hoax.Win32.Renos.dp
Path: C:\WINDOWS\system32\viruxz.dll_tobedeleted
Risk: Low
boludo
|
|
jaeskol
Newbie
|
8. elokuuta 2007 @ 13:37 |
Linkki tähän viestiin
|
Tuossa edellisessä viestissä siis se ewido-loki
Deckard's System Scanner v20070807.62
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6
CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1022.73 MiB / 648.54 MiB
Pagefile Memory (total/avail): 2461.4 MiB / 2107.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1968.73 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 95.48 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Pekka\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OMA-OXU8OD0O7E9
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Pekka
LOGONSERVER=\\OMA-OXU8OD0O7E9
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Pekka\LOCALS~1\Temp
TMP=C:\DOCUME~1\Pekka\LOCALS~1\Temp
USERDOMAIN=OMA-OXU8OD0O7E9
USERNAME=Pekka
USERPROFILE=C:\Documents and Settings\Pekka
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Pekka (admin)
Järjestelmänvalvoja (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\BWUnin-6.1.4.41-7681197L.exe -AppId 7681197
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3Deep --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\3Deep\TDPunins.isu" -c"C:\PROGRA~1\E-Color\3Deep\tdpunins.dll" ProdName3Deep
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70700000002}
Anvil Studio --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Anvil Studio\ST5UNST.LOG"
ASUS Probe V2.20.02 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
Automaattiset valikot (Windows Live Toolbar) --> MsiExec.exe /X{AD211425-49BE-48D4-889C-C614DA6AC4AD}
B's CLiP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}\setup.exe" -l0x9
BHA B's Recorder GOLD BASIC 7.10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36D00AE6-69DE-4087-A1A9-84ADD10E5530}\setup.exe" -l0x9
DC++ 0.688 --> "C:\Program Files\DC++\uninstall.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
eMusic - 50 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
EPSON-tulostinohjelma --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Image Clip Palette --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x9 -u
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESDX4800_4200 Käyttöopas --> C:\Program Files\EPSON\TPMANUAL\ESDX4800_4200\USE_G\DOCUNINS.EXE
F-Secure Anti-Virus --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
F-Secure BackWeb --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure BackWeb"
F-Secure Management Agent --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
Google Earth Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 1.99.1 --> C:\HijackThis\HijackThis.exe /uninstall
Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LG ODD Auto Firmware Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\Setup.exe"
Malwarebytes' RogueRemover 1.21 --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{9011040B-6000-11D3-8CFE-0050048383C9}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
neoDVDplus --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D1AD7439-FBCA-4345-A780-2A5617EBA9DE} /l1033
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL/zUNINSTALL
PIF DESIGNER --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Selaus välilehtiä käyttäen (Windows Live Toolbar) --> MsiExec.exe /X{E14FC354-9ED8-4D79-A7DA-356D66BF5F54}
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 4.0 --> "C:\Program Files\Spyware Doctor\unins000.exe"
Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Syötteen tunnistus (Windows Live Toolbar) --> MsiExec.exe /X{71A52B94-5BF1-4B0A-8098-37A9D495D5D8}
True Internet Color --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\True Internet Color\Uninst.isu" -c"C:\Program Files\E-Color\True Internet Color\TICUninstall.dll"
Unreal Tournament G.O.T.Y. Edition --> C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
USB Disk Win98 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"
Video ActiveX Solution 1.15 --> C:\Program Files\Video ActiveX Access\uninst.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{57319C68-AC4B-43DB-B516-349FE09E6774}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {2CE1413E-6B0F-4150-8E15-EC8090DFBA81}
Windows Live Toolbar --> MsiExec.exe /X{2CE1413E-6B0F-4150-8E15-EC8090DFBA81}
Windows Live Toolbarin laajennus (Windows Live Toolbar) --> MsiExec.exe /X{2C4BFAFE-F698-421B-8687-4CBF9A5FD5E0}
-- Application Event Log -------------------------------------------------------
Event ID #6265: Warning
Event Submitted/Written: 08/07/2007 09:26:29 PM
Event Source: WinMgmt
Event Description:
Palvelu OffProv10 on rekisteröity WMI-nimitilaan Root\MSAPPS10, mutta HostingModel-ominaisuutta ei ole määritetty. Palvelu suoritetaan LocalSystem-tilin avulla. Tämä tili on etuoikeutettu, ja palvelu saattaa aiheuttaa suojausrikkomuksen, jos se ei esitä oikeita käyttäjäpyyntöjä. Varmista , että palvelun suojaustoiminnot on tarkistettu ja päivitä palvelun rekisteröinnin HostingModel-ominaisuus tiliin, jolla on pienin palvelun käyttämiseen tarvittava suojaustaso.
Event ID #6264: Warning
Event Submitted/Written: 08/07/2007 09:26:29 PM
Event Source: WinMgmt
Event Description:
Palvelu OffProv10 on rekisteröity WMI-nimitilaan Root\MSAPPS10, mutta HostingModel-ominaisuutta ei ole määritetty. Palvelu suoritetaan LocalSystem-tilin avulla. Tämä tili on etuoikeutettu, ja palvelu saattaa aiheuttaa suojausrikkomuksen, jos se ei esitä oikeita käyttäjäpyyntöjä. Varmista , että palvelun suojaustoiminnot on tarkistettu ja päivitä palvelun rekisteröinnin HostingModel-ominaisuus tiliin, jolla on pienin palvelun käyttämiseen tarvittava suojaustaso.
Event ID #6251: Error
Event Submitted/Written: 08/07/2007 08:07:06 PM
Event Source: Application Hang
Event Description:
Lukkiutunut sovellus iexplore.exe, versio 7.0.6000.16473, lukkiutumismoduuli hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.
Event ID #6250: Error
Event Submitted/Written: 08/07/2007 08:02:21 PM
Event Source: Application Error
Event Description:
Virhesovellus drwtsn32.exe, versio 5.1.2600.0, moduuli dbghelp.dll, versio 5.1.2600.2180, osoite 0x0001295d.
Käsitellään mediakohtaista tapahtumaa: [drwtsn32.exe!ws!]
Event ID #6237: Error
Event Submitted/Written: 08/07/2007 03:56:48 AM
Event Source: Application Hang
Event Description:
Lukkiutunut sovellus iexplore.exe, versio 7.0.6000.16473, lukkiutumismoduuli hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event ID #3512: Error
Event Submitted/Written: 08/08/2007 01:19:37 AM
Event Source: Service Control Manager
Event Description:
Palvelua combofix ei voi käynnistää. Virhekoodi on
%%1053
Event ID #3511: Error
Event Submitted/Written: 08/08/2007 01:19:37 AM
Event Source: Service Control Manager
Event Description:
Aikakatkaisu (30000 ms) odottaa palvelun combofix yhdistymistä.
Event ID #3472: Error
Event Submitted/Written: 08/07/2007 08:40:44 PM
Event Source: DCOM
Event Description:
DCOM vastaanotti virheen "%%1084" yrittäessään käynnistää palvelun StiSvc argumenteilla ""
suorittaakseen palvelinosan:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Event ID #3471: Error
Event Submitted/Written: 08/07/2007 08:40:41 PM
Event Source: DCOM
Event Description:
DCOM vastaanotti virheen "%%1084" yrittäessään käynnistää palvelun StiSvc argumenteilla ""
suorittaakseen palvelinosan:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Event ID #3470: Error
Event Submitted/Written: 08/07/2007 08:40:28 PM
Event Source: DCOM
Event Description:
DCOM vastaanotti virheen "%%1084" yrittäessään käynnistää palvelun StiSvc argumenteilla ""
suorittaakseen palvelinosan:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
-- End of Deckard's System Scanner: finished at 2007-08-08 at 17:23:40 ---------
Deckard's System Scanner v20070807.62
Run by Pekka on 2007-08-08 at 17:22:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
44: 2007-08-08 14:22:21 UTC - RP245 - Deckard's System Scanner Restore Point
43: 2007-08-08 14:12:02 UTC - RP244 - Installed Java(TM) 6 Update 2
42: 2007-08-08 13:58:36 UTC - RP243 - Removed J2SE Runtime Environment 5.0 Update 6
41: 2007-08-07 22:18:09 UTC - RP242 - ComboFix created restore point
40: 2007-08-07 21:38:32 UTC - RP241 - ComboFix created restore point
-- First Restore Point --
1: 2007-05-13 11:47:03 UTC - RP202 - Järjestelmän tarkistuspiste
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Pekka.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 17:23:00, on 8.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\bwgo0000613a.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Pekka\Työpöytä\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\HIJACK~1\Pekka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-- HijackThis Fixed Entries (C:\HIJACK~1\backups\) -----------------------------
backup-20070807-224747-262 O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c0059240.dat
backup-20070807-224747-814 O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C7E3147899AA6A2A1FBB39BFE4976E26CAEDDA7C5C7842213DC6C3 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (file missing)
backup-20070807-224749-356 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZSzim029YYFI
backup-20070807-224749-389 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
backup-20070807-224749-735 O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
backup-20070807-224749-994 O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
backup-20070807-230453-799 O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe"
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 BsStor (B.H.A Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys
R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys
R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
R2 BsUDF (B.H.A UDF Filesystem) - c:\windows\system32\drivers\bsudf.sys
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\f-secure\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure\anti-virus\win2k\fsrec.sys
R2 FSpm (F-Secure Policy Manager) - c:\program files\f-secure\common\fspm.sys
S3 BS_DEF - c:\windows\system32\drivers\bs_def.sys (file missing)
S3 catchme - c:\docume~1\pekka\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 BackWeb Client - 7681197 (F-Secure BackWeb) - c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe
R2 F-Secure Gatekeeper Handler Starter - "c:\program files\f-secure\anti-virus\fsgk32st.exe"
R2 FSMA (F-Secure Management Agent) - "c:\program files\f-secure\common\fsma32.exe"
R3 F-Secure Network Request Broker - "c:\program files\f-secure\common\fnrb32.exe"
S2 FSAA (F-Secure Authentication Agent) - "c:\program files\f-secure\common\fsaa.exe"
S3 F-Secure BackWeb LAN Access - "c:\program files\f-secure\backweb\7681197\program\fsbwlan.exe"
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB-ohjain
Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_80A61043&REV_02\3&267A616A&0&EF
Manufacturer:
Name: USB-ohjain
PNP Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_80A61043&REV_02\3&267A616A&0&EF
Service:
-- Scheduled Tasks -------------------------------------------------------------
2007-08-08 15:47:02 256 --a------ C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
-- Files created between 2007-07-08 and 2007-08-08 -----------------------------
2007-08-08 17:12:05 0 d-------- C:\Program Files\Java
2007-08-08 17:12:04 0 d-------- C:\Program Files\Common Files\Java
2007-08-07 23:12:21 0 d-------- C:\Program Files\RogueRemover FREE
2007-08-07 21:28:34 0 d-------- C:\WINDOWS\pss
2007-08-07 20:40:38 0 d-------- C:\Program Files\SmitfraudFix
2007-08-07 19:58:53 3788 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-07 17:23:36 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2007-08-07 17:23:36 0 d--hs---- C:\Documents and Settings\Järjestelmänvalvoja\Cookies
2007-08-07 17:23:36 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Application Data
2007-08-07 17:23:36 0 d---s---- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
2007-08-07 17:23:35 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2007-08-07 17:23:35 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2007-08-07 17:23:35 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2007-08-07 17:23:35 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2007-08-07 17:23:35 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\SendTo
2007-08-07 17:23:35 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Recent
2007-08-07 17:23:35 524288 --ah----- C:\Documents and Settings\Järjestelmänvalvoja\NTUSER.DAT
2007-08-07 17:23:35 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2007-08-07 17:23:35 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Local Settings
2007-08-07 17:18:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-07 11:31:42 0 d-------- C:\Program Files\XoftSpySE
2007-08-07 04:00:26 0 d-------- C:\HijackThis
2007-08-07 02:21:18 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
-- Find3M Report ---------------------------------------------------------------
2007-08-08 17:12:04 0 d-------- C:\Program Files\Common Files
2007-08-08 16:51:15 0 d-------- C:\Documents and Settings\Pekka\Application Data\Skype
2007-08-08 16:49:51 0 d-------- C:\Program Files\lg_fwupdate
2007-07-11 17:07:53 0 d-------- C:\Documents and Settings\Pekka\Application Data\AdobeUM
2007-06-25 10:34:23 0 d-------- C:\Program Files\Common Files\Adobe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [04.04.2003 13:38]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04.04.2003 13:56]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [06.06.2002 11:52]
"B'sCLiP"="C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe" [05.11.2003 05:38]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [02.02.2005 07:00]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [02.11.2004 20:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [12.04.2005 10:11]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [16.07.2006 20:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14.09.2004 16:12]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [29.07.2006 19:34]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [10.08.2006 10:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [18.12.2006 18:32]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [14.06.2007 12:21]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [19.07.2005 11:14]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30.03.2006 16:45]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.9.2005 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.2.2001 12:01:04]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
-- End of Deckard's System Scanner: finished at 2007-08-08 at 17:23:40 ---------
boludo
|
|
Auttaja
Suspended permanently
|
8. elokuuta 2007 @ 18:30 |
Linkki tähän viestiin
|
Jos käytät vain Windowsin omaa palomuuria, niin se ei ole riittävä suoja. Lataa vaikka näistä kolmesta Yksi palomuuri koneellesi ja asenna se. Poista sitten myös windowsin palomuuri käytöstä. Nämä 3 ovat aika suosittuja ja ilmaisia palomuureja:
Comodo
Kerio
Zonealarm
========
Pysy puhtaana
-> Tyhjennä järjestelmänpalautus Ohjeet
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.
-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.
-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas
-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin.
Opas saatavilla suomeksi! Nimimerkki Axelin opas
-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.
-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti.
-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.
ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm
->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.
->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI
Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa Hijackthis-logia tarkistettavaksi!
|
|
Mainos
|
|
|
|
jaeskol
Newbie
|
8. elokuuta 2007 @ 20:28 |
Linkki tähän viestiin
|
|
Kiitoksia ajastasi ja vaivannäöstä!
boludo
|
|
