Discussion forums
I was told to post the log here, so here is my HJT log.
Juippi93
Member
21 October 2007 @ 10:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:48, on 21.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\backweb\4653381\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva\backweb\4653381\Program\fspex.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.fi.soneraplaza.net/cgi/sonera-ie5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redir...=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Plaza Oy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\sqfkbiar.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: dna Nettiturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4653381\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/2007...ex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Websit...bridge-c336.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2..._instmodule.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedown...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1095593698578
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.lumonetti.fi/portaali/Virusskanneri/OLS3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O21 - SSODL: benumbment - {af4fd984-a939-4c32-82b2-8bae7abe9aec} - C:\WINDOWS\system32\dbqlrij.dll (file missing)
O22 - SharedTaskScheduler: benumbment - {af4fd984-a939-4c32-82b2-8bae7abe9aec} - C:\WINDOWS\system32\dbqlrij.dll (file missing)
O22 - SharedTaskScheduler: aht - {46f5a8b0-0b73-48c5-9e40-3c443a43c161} - C:\WINDOWS\system32\muvdjo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dna Nettiturva (BackWeb Plug-in - 4653381) - dna Nettiturva - C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4653381\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 12018 bytes
So what should I do?
tomato71
Suspended due to non-functional email address
21 October 2007 @ 15:50
Hi
Rename HijackThis.exe to, say, juippi.exe :s
Download SmitfraudFix (by S!Ri) to your desktop.
Double-click the file SmitfraudFix.exe
Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open listing the infected files (if any).
Post the contents of this text file in your thread.
**If the tool does not start from the desktop, move SmitfraudFix.exe directly to the root of the system drive (usually C:). Then try starting the program again from there.
Note: some anti-virus programs (AntiVir, Dr.Web, Kaspersky) detect the file process.exe as a "risk tool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
Post the SmitfraudFix log and the HJT log (after renaming).
www.virustorjunta.net
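The entries a helper acts on in a log like the one posted above can be picked out automatically. The script below is an added example, not code from this thread, from HijackThis or from Trend Micro: it parses the R/O entries of a HijackThis 2.x log and applies four triage heuristics of its own (an autorun under Policies\Explorer\Run, rundll32 loading a system32 DLL with an all-lowercase random-looking name and export, an unnamed BHO registered from system32, and an O21/O22 loader whose DLL is already missing from disk). The sample log is constructed from lines copied out of the log posted in this thread, with two benign entries from the same log for contrast. The heuristics are assumptions of this example and only prioritise lines for manual review; they are not HijackThis's own logic and do not replace checking each file.

```python
"""Minimal HijackThis (HJT) log triage: parse R/O entries, flag the usual suspects."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# plus two benign entries (NvCpl, NVSvc) from the same log for contrast.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {3497297D-F79E-41D1-9EE5-A8A8381E9EE1} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\sqfkbiar.dll",sitypnow
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O21 - SSODL: benumbment - {af4fd984-a939-4c32-82b2-8bae7abe9aec} - C:\WINDOWS\system32\dbqlrij.dll (file missing)
O22 - SharedTaskScheduler: aht - {46f5a8b0-0b73-48c5-9e40-3c443a43c161} - C:\WINDOWS\system32\muvdjo.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 13070 bytes
"""

# An HJT entry is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# rundll32 loading a system32 DLL whose file name and export are all lowercase
# letters; vendor components (NvCpl.dll,NvStartup) rarely look like that.
# Heuristic assumed by this example, not a HijackThis rule.
LOWERCASE_RUNDLL_RE = re.compile(
    r'(?i:rundll32(?:\.exe)?)\s+"?[^",]*\\system32\\([a-z]+\.dll)"?,([a-z]+)$'
)


@dataclass
class Entry:
    kind: str  # HJT section code, e.g. "O4"
    body: str  # everything after "O4 - "


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_hjt(log: str) -> list[Entry]:
    """Return the R/O entries of an HJT log; process lists and headers are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def check(entry: Entry) -> Optional[str]:
    """Return a reason string if the entry deserves a manual look, else None."""
    k, b = entry.kind, entry.body
    if k == "O4" and "\\Policies\\Explorer\\Run:" in b:
        return "autorun under Policies\\Explorer\\Run, a location legitimate installers almost never use"
    if k == "O4" and LOWERCASE_RUNDLL_RE.search(b):
        return "rundll32 loads a system32 DLL with a random-looking lowercase name and export"
    if k == "O2" and b.startswith("BHO: (no name)") and "\\system32\\" in b.lower():
        return "browser helper object with no name registered from system32"
    if k in ("O21", "O22") and b.endswith("(file missing)"):
        return "shell/COM loader points at a DLL that no longer exists (orphaned persistence)"
    return None


def triage(log: str) -> list[Finding]:
    """Parse the log and keep only the entries that trip one of the heuristics."""
    return [Finding(e, r) for e in parse_hjt(log) if (r := check(e))]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.kind:<4}{f.reason}\n     {f.entry.body}")
```

On the sample above the script flags five of the eight entries (the unnamed BHO, the SearchIndexer rundll32 line, the Policies\Explorer\Run autorun, and the two orphaned O21/O22 loaders) and leaves the NVIDIA and Google entries alone. A flagged line is a starting point for checking the file on disk, not a verdict.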
Juippi93
Member
21 October 2007 @ 19:23
Here is the other log.
SmitFraudFix v2.240
Scan done at 19:20:24,96, su 21.10.2007
Run from C:\Documents and Settings\MARKUS HYNNINEN\Ty?p?yt?\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\backweb\4653381\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\backweb\4653381\Program\fspex.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MARKUS HYNNINEN
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MARKUS HYNNINEN\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MARKUS~1\Suosikit
C:\DOCUME~1\MARKUS~1\Suosikit\Online Security Test.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{af4fd984-a939-4c32-82b2-8bae7abe9aec}"="benumbment"
[HKEY_CLASSES_ROOT\CLSID\{af4fd984-a939-4c32-82b2-8bae7abe9aec}\InProcServer32]
@="C:\WINDOWS\system32\dbqlrij.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{af4fd984-a939-4c32-82b2-8bae7abe9aec}\InProcServer32]
@="C:\WINDOWS\system32\dbqlrij.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{46f5a8b0-0b73-48c5-9e40-3c443a43c161}"="aht"
[HKEY_CLASSES_ROOT\CLSID\{46f5a8b0-0b73-48c5-9e40-3c443a43c161}\InProcServer32]
@="C:\WINDOWS\system32\muvdjo.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{46f5a8b0-0b73-48c5-9e40-3c443a43c161}\InProcServer32]
@="C:\WINDOWS\system32\muvdjo.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce MCP Networking Adapter - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.0.1
Description: ZyXEL USB ADSL Modem - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.1.1
Description: ZyXEL USB ADSL Modem - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{017AD50F-2020-4782-98E8-4A5AACF82114}: DhcpNameServer=192.168.1.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9548319-CD34-4CED-8B28-E8AA979F28AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E980ED53-C748-4115-AE79-F680C6083A09}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{017AD50F-2020-4782-98E8-4A5AACF82114}: DhcpNameServer=192.168.1.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B9548319-CD34-4CED-8B28-E8AA979F28AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E980ED53-C748-4115-AE79-F680C6083A09}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{017AD50F-2020-4782-98E8-4A5AACF82114}: DhcpNameServer=192.168.1.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B9548319-CD34-4CED-8B28-E8AA979F28AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E980ED53-C748-4115-AE79-F680C6083A09}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
tomato71
Suspended due to non-functional email address
21 October 2007 @ 20:20
www.virustorjunta.net
Juippi93
Member
22 October 2007 @ 08:43
Right, so once I have renamed HijackThis.exe to, say, juippi.exe, I run the program again and then post the new log here?
tomato71
Suspended due to non-functional email address
22 October 2007 @ 10:19
Yep, exactly.
www.virustorjunta.net
Juippi93
Member
22 October 2007 @ 15:55
So I only renamed the icon to juippi; if I need to do something else, tell me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:45, on 22.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\backweb\4653381\Program\fspex.exe
C:\Program Files\Sonera Tietoturva\backweb\4653381\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\Juippi.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.fi.soneraplaza.net/cgi/sonera-ie5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redir...=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Plaza Oy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3497297D-F79E-41D1-9EE5-A8A8381E9EE1} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\woifatjn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: dna Nettiturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4653381\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/2007...ex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Websit...bridge-c336.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2..._instmodule.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedown...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1095593698578
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.lumonetti.fi/portaali/Virusskanneri/OLS3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O21 - SSODL: benumbment - {af4fd984-a939-4c32-82b2-8bae7abe9aec} - C:\WINDOWS\system32\dbqlrij.dll (file missing)
O22 - SharedTaskScheduler: benumbment - {af4fd984-a939-4c32-82b2-8bae7abe9aec} - C:\WINDOWS\system32\dbqlrij.dll (file missing)
O22 - SharedTaskScheduler: aht - {46f5a8b0-0b73-48c5-9e40-3c443a43c161} - C:\WINDOWS\system32\muvdjo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dna Nettiturva (BackWeb Plug-in - 4653381) - dna Nettiturva - C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4653381\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 13070 bytes
Juippi93
Member
22 October 2007 @ 15:58
and by the way, it really is that rro, tell me, since the keyboard lags too
tomato71
Suspended due to non-functional email address
22 October 2007 @ 16:35
ok :D
and then....
Print out these instructions or save them to a text file.
Restart your computer into Safe Mode and select your normal user account.
Once in Safe Mode, double-click the file SmitfraudFix.exe
Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.
You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.
The tool will check whether wininet.dll is infected. You may be asked to replace the infected .dll (if one is found); answer "Yes" by typing Y and pressing "Enter".
The tool may need to restart the computer; if it does not, reboot into normal Windows.
A text file will appear after the cleaning process; copy & paste the contents of this report into your reply.
The report can be found on your local drive, usually at C:\rapport.txt.
Warning: running option 2 on a NON-infected computer will remove your desktop background.
and after that..
Download VundoFix.exe to your desktop.
*Double-click VundoFix.exe to run it.
*Click the Scan for Vundo button.
*When the scan is complete, click the Remove Vundo button.
*You will be asked whether you want to remove the files - click YES.
*Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
*When it is done, the fix will tell you to reboot your computer; click OK.
*Post the contents of the C:\vundofix.txt log along with a fresh HijackThis log.
Note: it is possible that VundoFix found a file it could not remove.
In that case VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo button." when VundoFix appears after the restart.
Send the Smitfraud log (C:\rapport.txt) + the Vundo log (C:\vundofix.txt) + a new hjt log
www.virustorjunta.net
Juippi93
Member
24 October 2007 @ 15:10
YEAH, now there's another problem: I used to have Windows 98, and on that the safe mode menu came up when you restarted the machine from the reset button, but how the h******* do you get this XP into safe mode??
tomato71
Suspended due to non-functional email address
24 October 2007 @ 15:25
*Start the computer
*When you hear the machine beep, press F8, but before the Windows logo appears
*A menu should appear next
*Select Safe Mode from the menu.
www.virustorjunta.net
Juippi93
Member
25 October 2007 @ 08:30
thanks, I'm writing this message in IT class at school, so that's why I'm not sending the log yet
Juippi93
Member
25 October 2007 @ 15:15
Here's my option 2 clean log
SmitFraudFix v2.240
Scan done at 14:52:14,90, to 25.10.2007
Run from C:\Documents and Settings\MARKUS HYNNINEN\Ty?p?yt?\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{af4fd984-a939-4c32-82b2-8bae7abe9aec}"="benumbment"
[HKEY_CLASSES_ROOT\CLSID\{af4fd984-a939-4c32-82b2-8bae7abe9aec}\InProcServer32]
@="C:\WINDOWS\system32\dbqlrij.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{af4fd984-a939-4c32-82b2-8bae7abe9aec}\InProcServer32]
@="C:\WINDOWS\system32\dbqlrij.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{46f5a8b0-0b73-48c5-9e40-3c443a43c161}"="aht"
[HKEY_CLASSES_ROOT\CLSID\{46f5a8b0-0b73-48c5-9e40-3c443a43c161}\InProcServer32]
@="C:\WINDOWS\system32\muvdjo.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{46f5a8b0-0b73-48c5-9e40-3c443a43c161}\InProcServer32]
@="C:\WINDOWS\system32\muvdjo.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\MARKUS~1\Suosikit\Online Security Test.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{017AD50F-2020-4782-98E8-4A5AACF82114}: DhcpNameServer=192.168.1.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9548319-CD34-4CED-8B28-E8AA979F28AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E980ED53-C748-4115-AE79-F680C6083A09}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{017AD50F-2020-4782-98E8-4A5AACF82114}: DhcpNameServer=192.168.1.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B9548319-CD34-4CED-8B28-E8AA979F28AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E980ED53-C748-4115-AE79-F680C6083A09}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{017AD50F-2020-4782-98E8-4A5AACF82114}: DhcpNameServer=192.168.1.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B9548319-CD34-4CED-8B28-E8AA979F28AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E980ED53-C748-4115-AE79-F680C6083A09}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Juippi93
Member
25 October 2007 @ 15:40
Here's the Vundo fix
VundoFix V6.5.10
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 15:19:05 25.10.2007
Listing files found while scanning....
C:\windows\system32\jrrvmugs.dll
C:\WINDOWS\system32\qhltgmhg.dll
C:\windows\system32\qtstv.bak1
C:\windows\system32\qtstv.bak2
C:\windows\system32\qtstv.ini
C:\windows\system32\qtstv.ini2
C:\windows\system32\sgumvrrj.ini
C:\WINDOWS\system32\woifatjn.dll
C:\windows\system32\vtstq.dll
Beginning removal...
Attempting to delete C:\windows\system32\jrrvmugs.dll
C:\windows\system32\jrrvmugs.dll Has been deleted!
Attempting to delete C:\windows\system32\qtstv.bak1
C:\windows\system32\qtstv.bak1 Has been deleted!
Attempting to delete C:\windows\system32\qtstv.bak2
C:\windows\system32\qtstv.bak2 Has been deleted!
Attempting to delete C:\windows\system32\qtstv.ini
C:\windows\system32\qtstv.ini Has been deleted!
Attempting to delete C:\windows\system32\qtstv.ini2
C:\windows\system32\qtstv.ini2 Has been deleted!
Attempting to delete C:\windows\system32\sgumvrrj.ini
C:\windows\system32\sgumvrrj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\woifatjn.dll
C:\WINDOWS\system32\woifatjn.dll Has been deleted!
Attempting to delete C:\windows\system32\vtstq.dll
C:\windows\system32\vtstq.dll Has been deleted!
Performing Repairs to the registry.
Done!
and here's HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:23, on 25.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sonera Tietoturva\backweb\4653381\program\fsbwsys.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sonera Tietoturva\backweb\4653381\Program\fspex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
C:\Program Files\Trend Micro\HijackThis\Juippi.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Plaza Oy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {AAB0C2B7-7E1C-4CDC-8692-E97B075F5E04} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [1ce26c60] rundll32.exe "C:\WINDOWS\system32\eeplluym.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: dna Nettiturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4653381\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/2007...ex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Websit...bridge-c336.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2..._instmodule.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedown...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1095593698578
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.lumonetti.fi/portaali/Virusskanneri/OLS3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dna Nettiturva (BackWeb Plug-in - 4653381) - dna Nettiturva - C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4653381\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11775 bytes
the machine is damn fast now. um, do I still need to do anything else????
tomato71
Suspended due to non-functional email address
25 October 2007 @ 22:41
yes, you do.....
Do a new hjt scan: Do a System scan only
Close all other windows and the browser. Check these lines and press Fix checked
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AAB0C2B7-7E1C-4CDC-8692-E97B075F5E04} - C:\WINDOWS\system32\vtstq.dll (file missing)
O4 - HKLM\..\Run: [1ce26c60] rundll32.exe "C:\WINDOWS\system32\eeplluym.dll",b
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is done, it will produce a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click on the combofix window while it is running. This may cause the program to freeze.
Post a new hjt log and C:\ComboFix.txt
www.virustorjunta.net
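As an added example for this thread, and not code from the thread or from HijackThis, SmitFraudFix, VundoFix or ComboFix, here is a small Python triage script that applies the indicators the helper's "Fix checked" list rests on to HJT log lines: a hook whose target file is gone ("(file missing)" / "(no file)"), an O4 Run value with a random 8-hex-digit name that launches rundll32 on a system32 DLL with a one-letter entry point, and the O21/O22 shell hooks that are rarely legitimate on a clean XP install. The sample lines are copied from the logs posted above; the "high"/"review" severities are this example's own choice, not anything the tools emit.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread; it is not part of HijackThis, SmitFraudFix,
VundoFix or ComboFix. It encodes the indicators the helper's "Fix checked"
list relies on: hooks whose target file is gone, O4 Run values with an
8-hex-digit name that launch rundll32 on a system32 DLL, and the rarely
legitimate O21/O22 shell hooks. The severity labels are an assumption.
"""
import re
from dataclasses import dataclass

# Entry kinds that register code to be loaded at boot, logon or into the browser.
HOOK_SECTIONS = {"O2", "O3", "O4", "O20", "O21", "O22", "O23"}
SHELL_HOOKS = {"O21", "O22"}  # SSODL / SharedTaskScheduler: uncommon on a clean XP box

HJT_LINE = re.compile(r"^(?P<section>[ROF]\d+)\s+-\s+(?P<body>.*)$")
MISSING = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)
# Matches '[1ce26c60] rundll32.exe "C:\WINDOWS\system32\eeplluym.dll",b':
# a random hex value name, rundll32, a system32 DLL and a one/two-char entry point.
HEX_RUNDLL = re.compile(
    r'\[[0-9a-f]{8}\]\s+rundll32(?:\.exe)?\s+"?[a-z]:\\windows\\system32\\[^"\s]+\.dll"?,\s*\S{1,2}\b',
    re.IGNORECASE,
)


@dataclass
class Finding:
    line: str
    section: str
    severity: str  # "high" or "review" (assumed labels)
    reason: str


def parse(line):
    """Split an HJT line into (section, body); None for anything else."""
    m = HJT_LINE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage_line(line):
    """Return a Finding for a suspicious hook line, or None."""
    parsed = parse(line)
    if parsed is None:
        return None
    section, body = parsed
    if section not in HOOK_SECTIONS:
        return None
    if section == "O4" and HEX_RUNDLL.search(body):
        return Finding(line, section, "high",
                       "hex-named Run value loading a system32 DLL via rundll32")
    if MISSING.search(body):
        # A missing BHO or shell hook is what the removal tools left behind (or a
        # hidden file); a missing service binary usually just needs a cleanup.
        sev = "high" if section in SHELL_HOOKS or section == "O2" else "review"
        return Finding(line, section, sev, "hook registered but target file is missing")
    if section in SHELL_HOOKS:
        return Finding(line, section, "review", "shell/scheduler hook; verify publisher and file")
    return None


def triage(log_text):
    """Findings for a whole log, high severity first, then by section."""
    findings = [f for f in map(triage_line, log_text.splitlines()) if f]
    findings.sort(key=lambda f: (f.severity != "high", f.section))
    return findings


def summary(findings):
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample: lines copied from the HJT logs posted in this thread,
# six that warrant attention and four benign ones.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {AAB0C2B7-7E1C-4CDC-8692-E97B075F5E04} - C:\WINDOWS\system32\vtstq.dll (file missing)
O4 - HKLM\..\Run: [1ce26c60] rundll32.exe "C:\WINDOWS\system32\eeplluym.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: benumbment - {af4fd984-a939-4c32-82b2-8bae7abe9aec} - C:\WINDOWS\system32\dbqlrij.dll (file missing)
O22 - SharedTaskScheduler: aht - {46f5a8b0-0b73-48c5-9e40-3c443a43c161} - C:\WINDOWS\system32\muvdjo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line}")
    print(summary(results))
```

The hex-named rundll32 rule is deliberately narrow so that legitimate rundll32 entries such as the NvCplDaemon line in the log above are not flagged; the missing-file rule is what catches the leftovers that VundoFix and SmitFraudFix removed on disk but left registered, which is exactly the state the helper's "Fix checked" list cleans up.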
Juippi93
Member
26 October 2007 @ 14:58
Here's the ComboFix log
ComboFix 07-10-23.2 - MARKUS HYNNINEN 2007-10-26 14:40:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.101 [GMT 3:00]
Running from: C:\Documents and Settings\MARKUS HYNNINEN\Ty?p?yt?\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cmluehih.dll
C:\WINDOWS\system32\gyxsnbry.ini
C:\WINDOWS\system32\hiheulmc.ini
C:\WINDOWS\system32\ixplsifk.ini
C:\WINDOWS\system32\kfislpxi.dll
C:\WINDOWS\system32\ltvywrgo.dll
C:\WINDOWS\system32\lyeoybiu.ini
C:\WINDOWS\system32\ogrwyvtl.ini
C:\WINDOWS\system32\uibyoeyl.dll
C:\WINDOWS\system32\vrexfpmx.ini
C:\WINDOWS\system32\xmpfxerv.dll
C:\WINDOWS\system32\yrbnsxyg.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-09-26 to 2007-10-26 )))))))))))))))))
.
2007-10-26 14:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-25 15:28 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-25 15:19 <KANSIO> d-------- C:\VundoFix Backups
2007-10-25 15:09 84,544 --a------ C:\WINDOWS\system32\eeplluym.dll
2007-10-24 15:01 84,544 --------- C:\WINDOWS\system32\pfqfcoki.dll
2007-10-23 17:05 <KANSIO> d-------- C:\ijji
2007-10-23 15:58 84,544 --a------ C:\WINDOWS\system32\ejgqlcsg.dll
2007-10-21 19:30 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2007-10-21 19:29 <KANSIO> d-------- C:\Program Files\NHN USA
2007-10-21 19:29 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2007-10-21 19:21 4,518 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-21 19:20 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-21 19:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-21 19:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-21 19:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-21 19:20 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-21 10:46 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-10-11 16:18 <KANSIO> d-------- C:\Documents and Settings\MARKUS HYNNINEN\system
2007-10-10 15:27 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-22 13:08 --------- d-----w C:\Program Files\JAM KT v3
2007-10-21 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-19 16:41 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Printer Info Cache
2007-09-19 16:41 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Image Zone Express
2007-09-19 16:39 --------- d-----w C:\Program Files\HP
2007-09-19 16:39 --------- d-----w C:\Program Files\Common Files\HP
2007-09-18 16:03 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-17 19:18 --------- d-----w C:\Program Files\MSBuild
2007-09-17 18:50 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-11 14:07 --------- d-----w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\Ahead
2007-09-10 17:45 --------- d-----w C:\Program Files\DivX
2007-09-09 13:43 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\Ahead
2007-09-09 11:19 --------- d-----w C:\Program Files\Vidomi
2007-09-09 09:34 --------- d-----w C:\Program Files\Apache2
2007-09-07 14:22 --------- d-----w C:\Program Files\CD_DVD-ROM Generator 1.20
2007-09-07 14:06 --------- d-----w C:\Program Files\DVD Decrypter
2007-09-05 08:46 --------- d-----w C:\Documents and Settings\PASI HYNNINEN\Application Data\HP
2007-09-05 08:43 --------- d-----w C:\Documents and Settings\PASI HYNNINEN\Application Data\Ahead
2007-09-04 15:36 --------- d-----w C:\Program Files\Half-Life 2
2007-09-04 15:36 --------- d-----w C:\Program Files\Electronic Arts
2007-09-04 15:32 --------- d-----w C:\Program Files\EA GAMES
2007-09-04 04:57 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Ahead
2007-09-03 15:39 --------- d-----w C:\Program Files\Lavasoft
2007-09-03 15:39 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Lavasoft
2007-09-03 15:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-03 14:07 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\OnReally
2007-09-02 11:33 429,568 ----a-w C:\WINDOWS\system32\fmod64.dll
2007-09-02 11:33 161,280 ----a-w C:\WINDOWS\system32\fmod.dll
2007-09-02 09:37 --------- d-----w C:\Program Files\LucasArts
2007-09-01 18:31 --------- d-----w C:\Program Files\MPEG4 Direct Maker
2007-09-01 17:29 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\MSN6
2007-09-01 17:29 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\MSN6
2007-09-01 11:33 --------- d-----w C:\Program Files\Audacity
2007-09-01 10:08 --------- d-----w C:\Program Files\FMV-Extractor
2007-09-01 09:58 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\STOIK
2007-09-01 09:44 --------- d-----w C:\Program Files\RealMedia
2007-09-01 09:44 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2007-09-01 09:44 --------- d-----w C:\Program Files\DScaler5
2007-09-01 09:44 --------- d-----w C:\Program Files\CD Audio Reader Filter
2007-09-01 09:43 --------- d-----w C:\Program Files\SHOUTcast Source
2007-09-01 09:43 --------- d-----w C:\Program Files\Haali
2007-09-01 09:42 --------- d-----w C:\Program Files\ffdshow
2007-09-01 09:41 --------- d-----w C:\Program Files\DirectVobSub
2007-08-31 20:53 --------- d-----w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\HP
2007-08-29 15:01 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\InterVideo
2007-08-29 12:30 --------- d-----w C:\Program Files\CFWebAdvancedU
2007-08-29 12:30 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\CamfrogWEB
2007-08-28 07:21 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-27 11:39 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\HP
2007-08-27 09:21 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\HP
2007-08-27 08:40 --------- d-----w C:\Program Files\Hewlett-Packard
2007-08-27 08:37 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 09:59 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 09:59 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 09:59 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 09:59 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 09:59 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 09:59 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 09:59 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-20 09:58 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 09:58 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 09:58 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 09:58 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 09:58 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 09:58 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 09:58 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 09:58 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 09:58 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 09:58 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 09:58 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 09:58 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 09:58 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 09:58 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 09:58 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 09:58 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-17 10:21 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:21 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-30 16:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 16:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 16:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 16:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 16:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 16:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 16:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 16:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 16:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 16:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 16:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 16:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 16:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 16:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 16:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2006-11-15 13:27 34,344 -c--a-w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\GDIPFONTCACHEV1.DAT
2006-03-21 20:45 34,776 -c--a-w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 16:01]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 13:40]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-25 00:34]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 16:45]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 07:14]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-09-17 10:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"F-Secure Manager"="C:\Program Files\Sonera Tietoturva\Common\FSM32.exe" [2005-10-26 04:51]
"F-Secure TNB"="C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" [2005-07-18 17:51]
"F-Secure Startup Wizard"="C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.exe" [2005-10-18 11:29]
"News Service"="C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe" [2005-05-31 15:45]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43]
"nwiz"="nwiz.exe" [2006-08-11 22:43 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-15 18:27]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 20:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R1 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\Oreans.sys
R2 BackWeb Plug-in - 4653381;dna Nettiturva;C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 adxapie;adxapie;\??\C:\DOCUME~1\PEKKAL~1\LOCALS~1\Temp\adxapie.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
.
'Ajoitetut tehtävät'-kansion sisältö
"2007-10-26 11:52:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-26 11:11:04 C:\WINDOWS\Tasks\Scheduled scanning task.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 14:51:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-26 14:55:17 - machine was rebooted
.
--- E O F ---
Juippi93
Member
26 October 2007 @ 15:02
Here's the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:13, on 26.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\backweb\4653381\Program\fspex.exe
C:\Program Files\Sonera Tietoturva\backweb\4653381\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsqh.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Juippi.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: dna Nettiturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4653381\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/2007...ex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Websit...bridge-c336.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2..._instmodule.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedown...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1095593698578
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.lumonetti.fi/portaali/Virusskanneri/OLS3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dna Nettiturva (BackWeb Plug-in - 4653381) - dna Nettiturva - C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4653381\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11238 bytes
tomato71
Suspended due to non-functional email address
26 October 2007 @ 16:15
And then...
Open Notepad and copy/paste the contents of the quote box there:
Quote: File::
C:\WINDOWS\system32\eeplluym.dll
C:\WINDOWS\system32\pfqfcoki.dll
C:\WINDOWS\system32\ejgqlcsg.dll
Save it as CFScript (ComboFix actually recognizes it even if the file extension isn't .txt).
Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer if prompted, and post the contents of the combofix.txt file here.
And then...
Download Atribune's ATF Cleaner
Instructions:
Double-click ATF-Cleaner.exe to run the program.
Under Main, choose: Select All
Click the Empty Selected button.
If you use Firefox as your browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you want to keep your saved passwords, click No when it asks.
If you use Opera as your browser,
click Opera at the top and choose: Select All
Click the Empty Selected button again.
NOTE: If you want to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.
You can get technical support by double-clicking the email address located below each menu in the tool. (Note that the support is in English.)
And a final check
Scan your computer with Kaspersky Online Scanner
Use Internet Explorer
You will be asked whether to allow the installation of an ActiveX component from Kaspersky; click Yes.
* The program starts and begins downloading the latest definition files.
* Once the scanner is installed and the definitions downloaded, click Next.
* Now click the settings, Scan Settings
* Check in the settings that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (if available, otherwise choose Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
* Click OK
* Now, under the heading "select a target to scan", choose My Computer
* The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
* Now click the Save as Text button.
* Save the file to your desktop.
* Copy and paste the contents of the file into your next reply.
Post the contents of the combofix.txt file here along with the Kaspersky log
www.virustorjunta.net
Juippi93
Member
27 October 2007 @ 10:59
Oh, so is this the quote box??
File::
C:\WINDOWS\system32\eeplluym.dll
C:\WINDOWS\system32\pfqfcoki.dll
C:\WINDOWS\system32\ejgqlcsg.dll
tomato71
Suspended due to non-functional email address
27 October 2007 @ 11:28
Yes, i.e. the text that is between the dashed lines
Quote: File::
C:\WINDOWS\system32\eeplluym.dll
C:\WINDOWS\system32\pfqfcoki.dll
C:\WINDOWS\system32\ejgqlcsg.dll
www.virustorjunta.net
Juippi93
Member
27 October 2007 @ 17:05
Here's the new ComboFix log
ComboFix 07-10-23.2 - MARKUS HYNNINEN 2007-10-27 16:51:07.3 - NTFSx86
Komentosarjan C:\ComboFix\osid.vbs suoritusaika ylitettiin.
Komentosarjan suorittaminen päättyi.
Running from: C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\eeplluym.dll
C:\WINDOWS\system32\ejgqlcsg.dll
C:\WINDOWS\system32\pfqfcoki.dll
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\eeplluym.dll
C:\WINDOWS\system32\ejgqlcsg.dll
C:\WINDOWS\system32\pfqfcoki.dll
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-09-27 to 2007-10-27 )))))))))))))))))
.
2007-10-26 14:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-25 15:28 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-25 15:19 <KANSIO> d-------- C:\VundoFix Backups
2007-10-23 17:05 <KANSIO> d-------- C:\ijji
2007-10-21 19:30 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2007-10-21 19:29 <KANSIO> d-------- C:\Program Files\NHN USA
2007-10-21 19:29 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2007-10-21 19:21 4,518 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-21 19:20 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-21 19:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-21 19:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-21 19:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-21 19:20 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-21 10:46 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-10-11 16:18 <KANSIO> d-------- C:\Documents and Settings\MARKUS HYNNINEN\system
2007-10-10 15:27 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 08:10 --------- d-----w C:\Program Files\JAM KT v3
2007-10-21 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-19 16:41 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Printer Info Cache
2007-09-19 16:41 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Image Zone Express
2007-09-19 16:39 --------- d-----w C:\Program Files\HP
2007-09-19 16:39 --------- d-----w C:\Program Files\Common Files\HP
2007-09-18 16:03 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-17 19:18 --------- d-----w C:\Program Files\MSBuild
2007-09-17 18:50 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-11 14:07 --------- d-----w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\Ahead
2007-09-10 17:45 --------- d-----w C:\Program Files\DivX
2007-09-09 13:43 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\Ahead
2007-09-09 11:19 --------- d-----w C:\Program Files\Vidomi
2007-09-09 09:34 --------- d-----w C:\Program Files\Apache2
2007-09-07 14:22 --------- d-----w C:\Program Files\CD_DVD-ROM Generator 1.20
2007-09-07 14:06 --------- d-----w C:\Program Files\DVD Decrypter
2007-09-05 08:46 --------- d-----w C:\Documents and Settings\PASI HYNNINEN\Application Data\HP
2007-09-05 08:43 --------- d-----w C:\Documents and Settings\PASI HYNNINEN\Application Data\Ahead
2007-09-04 15:36 --------- d-----w C:\Program Files\Half-Life 2
2007-09-04 15:36 --------- d-----w C:\Program Files\Electronic Arts
2007-09-04 15:32 --------- d-----w C:\Program Files\EA GAMES
2007-09-04 04:57 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Ahead
2007-09-03 15:39 --------- d-----w C:\Program Files\Lavasoft
2007-09-03 15:39 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Lavasoft
2007-09-03 15:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-03 14:07 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\OnReally
2007-09-02 09:37 --------- d-----w C:\Program Files\LucasArts
2007-09-01 18:31 --------- d-----w C:\Program Files\MPEG4 Direct Maker
2007-09-01 17:29 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\MSN6
2007-09-01 17:29 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\MSN6
2007-09-01 11:33 --------- d-----w C:\Program Files\Audacity
2007-09-01 10:08 --------- d-----w C:\Program Files\FMV-Extractor
2007-09-01 09:58 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\STOIK
2007-09-01 09:44 --------- d-----w C:\Program Files\RealMedia
2007-09-01 09:44 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2007-09-01 09:44 --------- d-----w C:\Program Files\DScaler5
2007-09-01 09:44 --------- d-----w C:\Program Files\CD Audio Reader Filter
2007-09-01 09:43 --------- d-----w C:\Program Files\SHOUTcast Source
2007-09-01 09:43 --------- d-----w C:\Program Files\Haali
2007-09-01 09:42 --------- d-----w C:\Program Files\ffdshow
2007-09-01 09:41 --------- d-----w C:\Program Files\DirectVobSub
2007-08-31 20:53 --------- d-----w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\HP
2007-08-29 15:01 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\InterVideo
2007-08-29 12:30 --------- d-----w C:\Program Files\CFWebAdvancedU
2007-08-29 12:30 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\CamfrogWEB
2007-08-28 07:21 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-27 11:39 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\HP
2007-08-27 09:21 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\HP
2007-08-27 08:40 --------- d-----w C:\Program Files\Hewlett-Packard
2007-08-27 08:37 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2006-11-15 13:27 34,344 -c--a-w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\GDIPFONTCACHEV1.DAT
2006-03-21 20:45 34,776 -c--a-w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 16:01]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 13:40]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-25 00:34]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 16:45]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 07:14]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-09-17 10:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"F-Secure Manager"="C:\Program Files\Sonera Tietoturva\Common\FSM32.exe" [2005-10-26 04:51]
"F-Secure TNB"="C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" [2005-07-18 17:51]
"F-Secure Startup Wizard"="C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.exe" [2005-10-18 11:29]
"News Service"="C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe" [2005-05-31 15:45]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43]
"nwiz"="nwiz.exe" [2006-08-11 22:43 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-15 18:27]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 20:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R1 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\Oreans.sys
R2 BackWeb Plug-in - 4653381;dna Nettiturva;C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 adxapie;adxapie;\??\C:\DOCUME~1\PEKKAL~1\LOCALS~1\Temp\adxapie.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
.
'Ajoitetut tehtävät'-kansion sisältö
"2007-10-27 14:00:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
"2007-10-27 07:50:04 C:\WINDOWS\Tasks\Scheduled scanning task.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 16:58:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-27 17:03:33 - machine was rebooted
.
--- E O F ---
Juippi93
Member
27 October 2007 @ 19:51
Here it is
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 27, 2007 7:49:27 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/10/2007
Kaspersky Anti-Virus database records: 447112
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 64917
Number of viruses found 9
Number of infected objects 12
Number of suspicious objects 0
Duration of the scan process 02:24:59
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12032006-221314.log Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Application Data\ispnews\ispn.ini Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Application Data\ispnews\ispnc.items Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Application Data\ispnews\ispnr.items Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{0E4F6227-C9E4-420D-A1DC-080F3C2C9869} Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Sivuhistoria\History.IE5\MSHist012007102720071028\index.dat Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\ntuser.dat Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\e9750716b551743d7aa6\mrtstub.exe Object is locked skipped
C:\Program Files\Sonera Tietoturva\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\Sonera Tietoturva\Anti-Virus\Qrt.log Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\fsbwupst.log Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\L0000015.FCS Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Sonera Tietoturva\backweb\4653381\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Sonera Tietoturva\Common\admin.pub Object is locked skipped
C:\Program Files\Sonera Tietoturva\Common\policy.bpf Object is locked skipped
C:\Program Files\Sonera Tietoturva\Common\policy.ipf Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\cmluehih.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP22\A0002812.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP24\A0004943.dll Object is locked skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004967.dll Object is locked skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004968.dll Object is locked skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004969.dll Object is locked skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP25\A0004974.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP28\A0009126.dll Object is locked skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP29\A0009169.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP33\A0010305.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP35\A0015443.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vr skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP37\A0017523.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP38\change.log Object is locked skipped
C:\VundoFix Backups\vtstq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.vr skipped
C:\WINDOWS\$NtUninstallKB824141$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833987$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallQ311542$\pci.sys Object is locked skipped
C:\WINDOWS\$NtUninstallQ311542$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ311542$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallQ314862$\qmgr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallQ318966$\spuninst\Q318966.log Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00003 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00005 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00008 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00009 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00010 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00011 Object is locked skipped
C:\WINDOWS\$NtUninstallQ328940$\reg00003 Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\13173mr3.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\system32\4d8861tf.dll Infected: not-a-virus:AdWare.Win32.Sahat.be skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
tomato71
28 October 2007 @ 14:06
and there are still some nasties to be found :D
Open Notepad and copy/paste the contents of the quote box into it:
Quote:
File::
C:\WINDOWS\Downloaded Program Files\gsda.dll
C:\WINDOWS\system32\13173mr3.ini
C:\WINDOWS\system32\4d8861tf.dll
Delete the folder C:\VundoFix Backups
Post combofix.txt
let's run one more scanner, there may still be more..
Scan your computer with F-Secure's online scanner
Note: the scanner only works in the Internet Explorer browser
* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Set the options as follows
o Under "Virus Scan Option" select Scan whole system
o Under "Other Scan Option" select Scan All Files
o Select Scan whole system for rootkits
o Select Scan whole system for spyware
o Tick Scan inside archives
o Make sure Use advanced heuristics is selected
* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread
www.virustorjunta.net
Post edited after submission. Last edit 28 October 2007 @ 14:07
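The triage the reply above does by hand (keep the detections that still sit in live locations, ignore hits inside removal-tool backups, quarantine and System Restore snapshots) is easy to get wrong in a log this long. The Python script below is an added example, not part of the original thread and not code from any of the tools mentioned; it parses the scanner's two line shapes, `<path> Infected: <detection> skipped` and `<path> Object is locked skipped`, on an excerpt constructed from the scan log posted above. The list of "contained" path prefixes and the decision to treat `not-a-virus:RiskTool` detections as removal-tool components to review separately are assumptions made for this example, not something the scanner itself reports.

```python
import re
from collections import defaultdict

# Excerpt constructed from the scan log above (locked objects, detections in
# quarantine/backup/restore-point locations, a RiskTool hit on a removal-tool
# helper, and the three detections that sit in live system locations).
SAMPLE_LOG = r"""
C:\Documents and Settings\MARKUS HYNNINEN\ntuser.dat Object is locked skipped
C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\cmluehih.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\_restore{902C8A14-3E6B-4B0A-9426-1861C61B6C54}\RP22\A0002812.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\VundoFix Backups\vtstq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.vr skipped
C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame skipped
C:\WINDOWS\system32\13173mr3.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\system32\4d8861tf.dll Infected: not-a-virus:AdWare.Win32.Sahat.be skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

# One regex for both line shapes; "detection" is None for locked objects.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<detection>\S+)|Object is locked) skipped$"
)

# Assumption of this example: detections under these prefixes refer to copies
# already taken out of the execution path (ComboFix quarantine, VundoFix
# backups, System Restore snapshots). Matching is case-insensitive.
CONTAINED_PREFIXES = (
    r"c:\qoobox\quarantine",
    r"c:\vundofix backups",
    r"c:\system volume information\_restore",
)

# Assumption of this example: RiskTool-class hits are reviewed as removal-tool
# components rather than counted as infections.
TOOL_DETECTION_PREFIX = "not-a-virus:RiskTool."


def classify(path, detection):
    """Bucket one detection as 'tool', 'contained' or 'live'."""
    if detection.startswith(TOOL_DETECTION_PREFIX):
        return "tool"
    if path.lower().startswith(CONTAINED_PREFIXES):
        return "contained"
    return "live"


def triage(log_text):
    """Parse a scan log and group entries by bucket.

    Returns {'locked': [path, ...], 'tool'|'contained'|'live': [(path, detection), ...]}.
    Lines that do not match either shape (headers, footers) are ignored.
    """
    result = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if m["detection"] is None:
            result["locked"].append(m["path"])
            continue
        result[classify(m["path"], m["detection"])].append((m["path"], m["detection"]))
    return dict(result)


def live_paths(log_text):
    """The paths a helper would put into a removal script: live-location detections only."""
    return [path for path, _ in triage(log_text).get("live", [])]


if __name__ == "__main__":
    for bucket, entries in sorted(triage(SAMPLE_LOG).items()):
        print(f"{bucket}: {len(entries)}")
    for path in live_paths(SAMPLE_LOG):
        print("still live:", path)
```

On the excerpt, `live_paths()` returns exactly the three files the reply tells the user to list under `File::`. "Contained" is not the same as gone: a detection inside a `_restore{...}` snapshot comes back if that restore point is ever used, which is why helpers usually have the user purge old restore points once the machine is clean.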
Juippi93
Member
28 October 2007 @ 20:55
here's the ComboFix log
ComboFix 07-10-23.2 - MARKUS HYNNINEN 2007-10-27 16:51:07.3 - NTFSx86
The script C:\ComboFix\osid.vbs exceeded its execution time limit.
Script execution ended.
Running from: C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\MARKUS HYNNINEN\Työpöytä\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\eeplluym.dll
C:\WINDOWS\system32\ejgqlcsg.dll
C:\WINDOWS\system32\pfqfcoki.dll
.
(((((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\eeplluym.dll
C:\WINDOWS\system32\ejgqlcsg.dll
C:\WINDOWS\system32\pfqfcoki.dll
.
((((( Files created between: 2007-09-27 to 2007-10-27 )))))))))))))))))
.
2007-10-26 14:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-25 15:28 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-25 15:19 <DIR> d-------- C:\VundoFix Backups
2007-10-23 17:05 <DIR> d-------- C:\ijji
2007-10-21 19:30 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2007-10-21 19:29 <DIR> d-------- C:\Program Files\NHN USA
2007-10-21 19:29 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2007-10-21 19:21 4,518 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-21 19:20 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-21 19:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-21 19:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-21 19:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-21 19:20 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-21 10:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-11 16:18 <DIR> d-------- C:\Documents and Settings\MARKUS HYNNINEN\system
2007-10-10 15:27 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 08:10 --------- d-----w C:\Program Files\JAM KT v3
2007-10-21 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-19 16:41 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Printer Info Cache
2007-09-19 16:41 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Image Zone Express
2007-09-19 16:39 --------- d-----w C:\Program Files\HP
2007-09-19 16:39 --------- d-----w C:\Program Files\Common Files\HP
2007-09-18 16:03 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-17 19:18 --------- d-----w C:\Program Files\MSBuild
2007-09-17 18:50 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-11 14:07 --------- d-----w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\Ahead
2007-09-10 17:45 --------- d-----w C:\Program Files\DivX
2007-09-09 13:43 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\Ahead
2007-09-09 11:19 --------- d-----w C:\Program Files\Vidomi
2007-09-09 09:34 --------- d-----w C:\Program Files\Apache2
2007-09-07 14:22 --------- d-----w C:\Program Files\CD_DVD-ROM Generator 1.20
2007-09-07 14:06 --------- d-----w C:\Program Files\DVD Decrypter
2007-09-05 08:46 --------- d-----w C:\Documents and Settings\PASI HYNNINEN\Application Data\HP
2007-09-05 08:43 --------- d-----w C:\Documents and Settings\PASI HYNNINEN\Application Data\Ahead
2007-09-04 15:36 --------- d-----w C:\Program Files\Half-Life 2
2007-09-04 15:36 --------- d-----w C:\Program Files\Electronic Arts
2007-09-04 15:32 --------- d-----w C:\Program Files\EA GAMES
2007-09-04 04:57 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Ahead
2007-09-03 15:39 --------- d-----w C:\Program Files\Lavasoft
2007-09-03 15:39 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\Lavasoft
2007-09-03 15:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-03 14:07 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\OnReally
2007-09-02 09:37 --------- d-----w C:\Program Files\LucasArts
2007-09-01 18:31 --------- d-----w C:\Program Files\MPEG4 Direct Maker
2007-09-01 17:29 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\MSN6
2007-09-01 17:29 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\MSN6
2007-09-01 11:33 --------- d-----w C:\Program Files\Audacity
2007-09-01 10:08 --------- d-----w C:\Program Files\FMV-Extractor
2007-09-01 09:58 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\STOIK
2007-09-01 09:44 --------- d-----w C:\Program Files\RealMedia
2007-09-01 09:44 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2007-09-01 09:44 --------- d-----w C:\Program Files\DScaler5
2007-09-01 09:44 --------- d-----w C:\Program Files\CD Audio Reader Filter
2007-09-01 09:43 --------- d-----w C:\Program Files\SHOUTcast Source
2007-09-01 09:43 --------- d-----w C:\Program Files\Haali
2007-09-01 09:42 --------- d-----w C:\Program Files\ffdshow
2007-09-01 09:41 --------- d-----w C:\Program Files\DirectVobSub
2007-08-31 20:53 --------- d-----w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\HP
2007-08-29 15:01 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\InterVideo
2007-08-29 12:30 --------- d-----w C:\Program Files\CFWebAdvancedU
2007-08-29 12:30 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\CamfrogWEB
2007-08-28 07:21 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-27 11:39 --------- d-----w C:\Documents and Settings\MARKUS HYNNINEN\Application Data\HP
2007-08-27 09:21 --------- d-----w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\HP
2007-08-27 08:40 --------- d-----w C:\Program Files\Hewlett-Packard
2007-08-27 08:37 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2006-11-15 13:27 34,344 -c--a-w C:\Documents and Settings\PEKKA LAURIKAINEN\Application Data\GDIPFONTCACHEV1.DAT
2006-03-21 20:45 34,776 -c--a-w C:\Documents and Settings\TARJA LAURIKAINEN\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty values and legitimate default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 16:01]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 13:40]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-25 00:34]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 16:45]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 07:14]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-09-17 10:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"F-Secure Manager"="C:\Program Files\Sonera Tietoturva\Common\FSM32.exe" [2005-10-26 04:51]
"F-Secure TNB"="C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" [2005-07-18 17:51]
"F-Secure Startup Wizard"="C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.exe" [2005-10-18 11:29]
"News Service"="C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe" [2005-05-31 15:45]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 22:43]
"nwiz"="nwiz.exe" [2006-08-11 22:43 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-15 18:27]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 20:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R1 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\Oreans.sys
R2 BackWeb Plug-in - 4653381;dna Nettiturva;C:\PROGRA~1\SONERA~1\backweb\4653381\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 adxapie;adxapie;\??\C:\DOCUME~1\PEKKAL~1\LOCALS~1\Temp\adxapie.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-10-27 14:00:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
"2007-10-27 07:50:04 C:\WINDOWS\Tasks\Scheduled scanning task.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 16:58:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-27 17:03:33 - machine was rebooted
.
--- E O F ---
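The registry startup and driver sections of a ComboFix log are where a helper looks for anything loading from an unusual place. The script below is an added example, not ComboFix's own code and not something posted by the thread's participants; it parses the two line shapes visible in the log above, `"name"="path" [stamp]` for Run values and `R0..S3 name;description;image` for services and drivers, and flags two things a practitioner would want pulled out: Run values for which ComboFix printed an empty stamp (no size/date for the target file) and any image whose path passes through a Temp directory. The sample is an excerpt constructed from the log; the Temp markers and the reading of an empty stamp as "file not found at that path" are assumptions of this example, and a flag is a prompt to look closer, not a verdict on the file.

```python
import re

# Excerpt constructed from the ComboFix log above: three Run values (two with
# an empty stamp), three drivers in system32\drivers and one driver whose image
# sits in a user's Local Settings\Temp folder.
SAMPLE = r"""
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S3 adxapie;adxapie;\??\C:\DOCUME~1\PEKKAL~1\LOCALS~1\Temp\adxapie.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
"""

# "name"="path" [stamp]   -- Run value; stamp is whatever ComboFix put in the brackets
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]')
# R0..S3 name;description;image   -- service/driver line
SVC_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+)$")

# Assumption of this example: substrings that identify a temporary directory,
# both in long and in 8.3 (LOCALS~1) form. Compared case-insensitively.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\")


def normalize(path):
    """Strip the NT-style \\??\\ prefix ComboFix prints for some driver images."""
    p = path.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p


def in_temp(path):
    low = path.lower()
    return any(marker in low for marker in TEMP_MARKERS)


def findings(text):
    """Return (kind, name, path) tuples for entries worth a closer look."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            path = normalize(m["path"])
            if not m["stamp"].strip():
                # Empty brackets: ComboFix gave no size/date for the target file.
                out.append(("run-no-filestamp", m["name"], path))
            if in_temp(path):
                out.append(("run-temp-path", m["name"], path))
            continue
        m = SVC_RE.match(line)
        if m:
            path = normalize(m["path"])
            if in_temp(path):
                # A kernel driver registered from a Temp directory.
                out.append(("driver-temp-path", m["name"], path))
    return out


if __name__ == "__main__":
    for kind, name, path in findings(SAMPLE):
        print(f"{kind:18} {name:16} {path}")
```

On the excerpt this flags the two Run values with empty brackets and the `adxapie` driver loading from `...\LOCALS~1\Temp\`. Whether any of them matters is a separate question the flag does not answer; the value of the script is that the entry does not get lost among thirty lines of vendor-signed autostarts.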
tomato71
28 October 2007 @ 20:59
then the F-Secure log as well
www.virustorjunta.net