Security toolbar 7.1? Help! Operating system Vista
syylaZ
Suspended due to non-functional email address
28 October 2007 @ 15:37
Hi! Some strange Security Toolbar 7.1 has appeared in my Explorer even though I never installed it!! I ran a scan with HijackThis v2.0.2, but now I need help checking its log, because I can't tell which of those files are harmful...? Could some kind person help? The machine is starting to get pretty badly bogged down. Here's the log to be interpreted.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:53, on 25.10.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - c:\Windows\system32\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5792 bytes
Member
29 October 2007 @ 01:51
Hi!

Go to Start --> Control Panel --> Uninstall a program.
Remove this from the list:

Video Add-on

Restart the computer.
______________________

Start HijackThis and click Do a system scan only.
Close all other windows, tick these lines and press Fix checked (if they are present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll

______________________

Let's scan the machine with AVG Anti-Spyware:

Save these instructions to a text file or print them, otherwise you won't be able to get at them in Safe Mode

Download AVG Anti-Spyware 7.5 and save the program to your desktop.
* Once you have downloaded the program, double-click the installer's shortcut on your desktop and the installation will start.
* After installation the program must be started and its definitions updated.
* Start AVG Anti-Spyware.
* Click the "Update" icon in the main menu. Then click the "Update now" button.
* Then click the "Start Update" icon, and the update will begin.

Note!
If the update failed for some reason, you can download the updates manually from this link: http://www.ewido.net/en/download/updates/

* Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
* When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
* Then under the "Reports" menu:
* Tick "Do not Automatically generate report"

* Untick "Only if threats were found"

* Then click the "Shield" icon at the top of the window
* "Resident shield is": change the state from active to inactive
* Close the program, do NOT scan yet.
Boot your computer into Safe Mode, Instructions!
_________________

Once in Safe Mode, first delete this folder:

C:\Program Files\Video Add-on

Then continue with the AVG instructions:

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
* Once in Safe Mode, start AVG Anti-Spyware.
* Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
* AVG will now start scanning the computer; be patient, as the scan takes time.

When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
* Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
* You will be asked what to do if infections were found; select "Apply all actions" then


* Then click the "Reports" icon at the top of the program.
* Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
* Close the program, start the computer normally and post the AVG Anti-Spyware report to your thread.

Post the AVG report and a new HjT log :)
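
The line selection made in the reply above (browser add-on entries with no name, no file, or installed in the same folder as such an entry), as an added example that is not part of the original thread: a Python triage of HijackThis O2/O3 lines. The function names and the three heuristics are assumptions chosen for illustration, and the sample lines are copied from the log posted in this thread; flagged lines are candidates for review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# O2 (BHO) and O3 (toolbar) lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
"""

# "O2 - BHO: <name> - {CLSID} - <file>"; the name itself may contain " -",
# so the CLSID in braces is used as the anchor between name and file.
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O3) - (?P<kind>BHO|Toolbar): (?P<name>.*?)"
    r" - (?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.*)$"
)


def parse_entries(log_text):
    """Return one dict per O2/O3 line; all other log lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entry = match.groupdict()
            entry["line"] = raw.strip()
            entries.append(entry)
    return entries


def install_dir(entry):
    """Lower-cased folder of the registered DLL, or None for '(no file)'."""
    if entry["target"] == "(no file)":
        return None
    return str(PureWindowsPath(entry["target"]).parent).lower()


def triage(log_text):
    """Flag entries worth a closer look (hypothetical heuristics):
    1. the add-on registered no display name,
    2. the registered file no longer exists on disk,
    3. the DLL lives in the same folder as an entry flagged by 1 or 2.
    """
    entries = parse_entries(log_text)
    reasons = {}
    for index, entry in enumerate(entries):
        why = []
        if entry["name"] == "(no name)":
            why.append("no name")
        if entry["target"] == "(no file)":
            why.append("no file")
        if why:
            reasons[index] = why

    # Second pass: siblings installed next to an already flagged component.
    suspect_dirs = {install_dir(entries[i]) for i in reasons} - {None}
    for index, entry in enumerate(entries):
        if index not in reasons and install_dir(entry) in suspect_dirs:
            reasons[index] = ["shares folder with a flagged entry"]

    return [(entries[i], reasons[i]) for i in sorted(reasons)]


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry['section']} {entry['clsid']} [{', '.join(why)}]")
        print(f"    {entry['line']}")
```

On the thread's log this flags the same three lines the reply lists for Fix checked; the toolbar entry is caught only through the shared `Video Add-on` folder, since it carries a normal-looking name.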
syylaZ
Suspended due to non-functional email address
29 October 2007 @ 15:32
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:03:34 29.10.2007

+ Scan result:



C:\qoobox\Quarantine\C\Users\Tommi\AppData\Roaming\install_en[1].exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.ao : Cleaned with backup (quarantined).
C:\Users\Tommi\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommi@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\Tommi\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommi@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Users\Tommi\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommi@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Users\Tommi\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommi@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Users\Tommi\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommi@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Users\Tommi\AppData\Roaming\Microsoft\Windows\Cookies\Low\tommi@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.


::Report end

and here's the hjt log:

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - c:\Windows\system32\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5792 bytes
Member
29 October 2007 @ 15:40
Did you delete this folder in Safe Mode?
C:\Program Files\Video Add-on

Check whether that folder still exists and let me know :)

Could you send a completely new, full HijackThis log :)
syylaZ
Suspended due to non-functional email address
29 October 2007 @ 16:10
It wasn't there any more :) What do you mean by a full hjt log? I think I sent you one... or didn't I? I can of course do it again :)
syylaZ
Suspended due to non-functional email address
29 October 2007 @ 16:27
Yep, here's the full hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:53, on 25.10.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - c:\Windows\system32\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5792 bytes
Member
29 October 2007 @ 20:06
Hi!

Fix these lines with HijackThis:
(Fixing = open HjT, scan with it, tick the listed lines and press Fix checked)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
_________________

Restart the computer.
_________________

Let's run Combofix as well:

1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log to your thread along with a new HijackThis log.
Note! Do not click in the Combofix window while it is running. This may cause the program to hang.

Post the Combofix log and, once again, a new HijackThis log :)

PS. Have the problems gone away?
syylaZ
Suspended due to non-functional email address
30 October 2007 @ 11:51
Hi!

When starting hjt, this message comes up:
Warning! For some reason your system denied write access to the Host file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this.

And then as the solution it gives some other thing for XP, and for Vista:
Run as administrator! So I guess that means running it with administrator rights?
Anyway, here's the log once more if you want to look, but now I'll get
Combofix running!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:53, on 25.10.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - c:\Windows\system32\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5792 bytes
syylaZ
Suspended due to non-functional email address
30 October 2007 @ 12:09
Hi! Here's the Combofix log:

ComboFix 07-10-29.1** - Tommi 2007-10-30 11:54:39.2 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6000.0.1252.1.1035.18.374 [GMT 2:00]
Running from: C:\Users\Tommi\Desktop\ComboFix.exe
* Created a new restore point
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-09-28 to 2007-10-30 )))))))))))))))))
.

2007-10-29 22:16 <KANSIO> d-------- C:\Program Files\7-Zip
2007-10-29 11:18 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Grisoft
2007-10-29 11:17 <KANSIO> d-------- C:\Users\All Users\Grisoft
2007-10-29 11:17 <KANSIO> d-------- C:\ProgramData\Grisoft
2007-10-29 11:17 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2007-10-25 13:01 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-10-23 13:30 <KANSIO> d-------- C:\Downloads
2007-10-23 13:30 <KANSIO> d-------- C:\Bases
2007-10-23 11:33 <KANSIO> d-------- C:\Kaspersky
2007-10-23 11:09 51,200 --a------ C:\Windows\NirCmd.exe
2007-10-23 10:51 <KANSIO> d-------- C:\VundoFix Backups
2007-10-23 08:38 <KANSIO> d-------- C:\Program Files\WinSpyControl
2007-10-23 08:38 24,064 --a------ C:\Windows\System32\msxml3a.dll
2007-10-22 11:48 <KANSIO> d-------- C:\Users\All Users\Winamp Toolbar
2007-10-22 11:48 <KANSIO> d-------- C:\Users\All Users\OrbNetworks
2007-10-22 11:48 <KANSIO> d-------- C:\ProgramData\Winamp Toolbar
2007-10-22 11:48 <KANSIO> d-------- C:\ProgramData\OrbNetworks
2007-10-22 11:48 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
2007-10-22 11:47 <KANSIO> d-------- C:\Program Files\Winamp Remote
2007-10-12 21:54 <KANSIO> d-------- C:\Program Files\Essentials Codec Pack
2007-10-12 21:44 <KANSIO> d-------- C:\Program Files\AC3Filter
2007-10-12 21:44 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2007-10-12 21:44 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2007-10-12 19:36 801,144 --a------ C:\Windows\System32\aswBoot.exe
2007-10-12 19:36 95,608 --a------ C:\Windows\System32\AvastSS.scr
2007-10-12 19:36 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2007-10-12 19:36 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2007-10-12 19:36 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2007-10-12 19:35 <KANSIO> d-------- C:\Program Files\Alwil Software
2007-10-12 19:30 0 --a------ C:\Windows\nsreg.dat
2007-10-12 18:54 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\uTorrent
2007-10-12 18:54 <KANSIO> d-------- C:\Program Files\uTorrent
2007-10-12 14:29 292,352 --a------ C:\Windows\System32\psisdecd.dll
2007-10-12 14:29 205,824 --a------ C:\Windows\System32\msoeacct.dll
2007-10-12 14:29 87,040 --a------ C:\Windows\System32\msoert2.dll
2007-10-12 14:29 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2007-10-12 14:28 376,320 --a------ C:\Windows\System32\winsrv.dll
2007-10-12 14:28 49,664 --a------ C:\Windows\System32\csrsrv.dll
2007-10-12 14:26 2,048 --a------ C:\Windows\System32\tzres.dll
2007-10-12 14:24 414,208 --a------ C:\Windows\System32\msscp.dll
2007-10-12 14:22 104,448 --a------ C:\Windows\System32\DWWIN.EXE
2007-10-12 14:21 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2007-10-12 14:21 1,686,528 --a------ C:\Windows\System32\gameux.dll
2007-10-12 14:21 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2007-10-12 14:21 2,048 --a------ C:\Windows\System32\msxml3r.dll
2007-10-12 14:17 737,792 --a------ C:\Windows\System32\inetcomm.dll
2007-10-12 14:17 84,480 --a------ C:\Windows\System32\INETRES.dll
2007-10-12 14:16 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-10-12 14:16 152,576 --a------ C:\Windows\System32\imagehlp.dll
2007-10-12 14:16 53,760 --a------ C:\Windows\System32\drivers\hdaudbus.sys
2007-10-12 14:16 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2007-10-12 14:16 5,120 --a------ C:\Windows\System32\wmi.dll
2007-10-12 14:15 2,026,496 --a------ C:\Windows\System32\win32k.sys
2007-10-12 14:15 974,336 --a------ C:\Windows\System32\crypt32.dll
2007-10-12 14:15 750,080 --a------ C:\Windows\System32\qmgr.dll
2007-10-12 14:15 633,856 --a------ C:\Windows\System32\user32.dll
2007-10-11 17:23 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2007-10-11 17:23 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2007-10-11 17:23 53,080 --a------ C:\Windows\System32\wuauclt.exe
2007-10-11 17:23 43,352 --a------ C:\Windows\System32\wups2.dll
2007-10-11 17:22 549,720 --a------ C:\Windows\System32\wuapi.dll
2007-10-11 17:22 163,000 --a------ C:\Windows\System32\wuwebv.dll
2007-10-11 17:22 80,896 --a------ C:\Windows\System32\wudriver.dll
2007-10-11 17:22 33,624 --a------ C:\Windows\System32\wups.dll
2007-10-11 17:22 31,232 --a------ C:\Windows\System32\wuapp.exe
2007-10-11 17:10 <KANSIO> d-------- C:\Program Files\Windows Live Toolbar
2007-10-11 17:08 <KANSIO> d-------- C:\Windows\PCHEALTH
2007-10-11 17:08 <KANSIO> d-------- C:\Program Files\MSN Messenger
2007-09-04 17:56 <KANSIO> d-------- C:\Program Files\directx

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 14:46 7,728 ----a-w C:\Users\Tommi\AppData\Roaming\wklnhst.dat
2007-10-22 09:49 --------- d-----w C:\Program Files\Winamp
2007-10-12 19:44 --------- d-----w C:\Program Files\ffdshow
2007-10-12 14:08 --------- d-----w C:\Program Files\Windows Mail
2007-10-12 14:08 --------- d-----w C:\Program Files\Windows Defender
2007-10-12 14:08 --------- d-----w C:\Program Files\Windows Calendar
2007-10-12 12:30 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-10-12 12:30 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-10-12 12:30 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-10-12 12:30 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-10-12 12:30 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-10-12 12:30 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-10-12 12:30 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-10-12 12:30 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-10-12 12:30 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-10-12 12:30 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-10-12 12:30 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-10-12 12:30 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-10-12 12:30 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-10-12 12:30 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-10-12 12:30 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-10-12 12:30 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-10-12 12:30 134,656 ----a-w C:\Windows\System32\dps.dll
2007-10-12 12:30 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-10-12 12:30 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-10-12 12:23 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-10-12 12:23 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-12 12:23 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-12 12:23 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-10-12 12:23 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-10-12 12:23 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-12 12:23 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-10-12 12:23 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-10-12 12:23 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-12 12:23 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-10-12 12:23 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-10-12 12:23 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-10-12 12:23 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-10-12 12:21 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-10-12 12:21 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-10-12 12:21 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-10-12 12:21 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-10-12 12:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-12 12:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-12 12:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-12 12:18 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-10-12 12:18 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-10-12 12:18 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-10-12 12:18 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-10-12 12:18 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-10-12 12:18 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-10-12 12:18 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-10-12 12:18 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-10-12 12:18 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-10-12 12:18 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-09-04 16:03 --------- d-----w C:\Program Files\Common Files\3DO Shared
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2007-10-23_12.17.35,78 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-23 06:20:01 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-10-30 08:25:23 67,584 --s-a-w C:\Windows\bootstat.dat
- 2007-10-20 03:03:30 136,192 ----a-w C:\Windows\catchme.exe
+ 2007-10-26 07:51:17 136,192 ----a-w C:\Windows\catchme.exe
- 2007-10-22 19:40:25 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-10-29 10:34:38 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-10-23 06:22:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-10-30 08:28:34 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-10-30 08:28:34 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2007-10-22 19:41:03 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-10-29 10:34:38 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-10-23 06:22:38 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-10-30 08:28:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2007-10-23 08:06:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-10-30 09:20:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-10-23 08:06:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-30 09:20:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-23 08:06:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-30 09:20:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-10-23 09:12:16 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-10-30 09:54:18 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2006-10-05 12:26:24 809,808 ----a-w C:\Windows\System32\msidcrl40.dll
- 2007-10-15 14:48:16 112,216 ----a-w C:\Windows\System32\perfc009.dat
+ 2007-10-30 08:34:05 112,216 ----a-w C:\Windows\System32\perfc009.dat
- 2007-10-15 14:48:16 88,622 ----a-w C:\Windows\System32\perfc00B.dat
+ 2007-10-30 08:34:05 88,622 ----a-w C:\Windows\System32\perfc00B.dat
- 2007-10-15 14:48:16 631,670 ----a-w C:\Windows\System32\perfh009.dat
+ 2007-10-30 08:34:05 631,670 ----a-w C:\Windows\System32\perfh009.dat
- 2007-10-15 14:48:16 468,046 ----a-w C:\Windows\System32\perfh00B.dat
+ 2007-10-30 08:34:05 468,046 ----a-w C:\Windows\System32\perfh00B.dat
- 2007-10-12 14:11:10 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2007-10-30 09:29:01 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2007-04-02 11:21:27 139,776 ----a-w C:\Windows\System32\swreg.exe
+ 2007-04-02 12:21:27 139,776 ----a-w C:\Windows\System32\swreg.exe
- 2007-10-23 06:23:04 7,288 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3191971044-3670548126-80144572-1000_UserData.bin
+ 2007-10-30 08:28:47 8,502 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3191971044-3670548126-80144572-1000_UserData.bin
- 2007-10-23 06:23:03 53,096 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-10-30 08:28:47 54,052 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-10-29 17:48:17 5,856 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2007-10-23 06:22:41 35,206 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-10-30 08:28:43 37,168 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2007-10-16 16:48:30 202,022 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2007-10-29 17:47:43 209,126 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2007-04-17 13:34:58 7,677,744 ----a-w C:\Windows\System32\xlive.dll
+ 2007-04-17 13:35:32 13,653,808 ----a-w C:\Windows\System32\xlivefnt.dll
+ 2007-10-30 09:29:29 96,256 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll
+ 2007-10-30 09:29:33 479,232 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcm80.dll
+ 2007-10-30 09:29:33 548,864 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcp80.dll
+ 2007-10-30 09:29:33 626,688 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcr80.dll
+ 2007-10-30 09:29:37 1,101,824 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80.dll
+ 2007-10-30 09:29:37 1,093,120 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80u.dll
+ 2007-10-30 09:29:37 69,632 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfcm80.dll
+ 2007-10-30 09:29:37 57,856 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfcm80u.dll
+ 2007-10-30 09:29:41 40,960 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80CHS.dll
+ 2007-10-30 09:29:41 45,056 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80CHT.dll
+ 2007-10-30 09:29:41 65,536 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80DEU.dll
+ 2007-10-30 09:29:41 57,344 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll
+ 2007-10-30 09:29:41 61,440 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ESP.dll
+ 2007-10-30 09:29:41 61,440 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80FRA.dll
+ 2007-10-30 09:29:41 61,440 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ITA.dll
+ 2007-10-30 09:29:41 49,152 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80JPN.dll
+ 2007-10-30 09:29:41 49,152 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80KOR.dll
+ 2007-10-30 09:29:43 65,536 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2\vcomp.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}]
C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-12 14:27]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 17:37 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 21:43]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 11:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 18:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys
S4 viamraid;viamraid;C:\Windows\system32\drivers\viamraid.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {1B91DBAF-C919-6A57-18E2-C7D7EF4FF08C} /qb
.
'Ajoitetut tehtävät'-kansion sisältö
"2007-10-30 09:36:05 C:\Windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 11:59:02
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 12:01:51
C:\ComboFix2.txt ... 2007-10-23 11:19
.
--- E O F ---
syylaZ
Suspended due to non-functional email address
30 October 2007 @ 12:37
Hi! Here's the HJT log as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:53, on 25.10.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - c:\Windows\system32\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5792 bytes


Oh, and the problems haven't been fixed... the computer is still bogged down.
syylaZ
Suspended due to non-functional email address
30 October 2007 @ 12:48
Hi again! I finally managed to remove the three required items with HijackThis! So here is the latest log from it, and now I'll shut down the computer and run one more check with ComboFix :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:29, on 30.10.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Winamp Remote\bin\orbtray.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - c:\Windows\system32\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5450 bytes
syylaZ
Suspended due to non-functional email address
30 October 2007 @ 13:19
Hi!

Here's the ComboFix log:

ComboFix 07-10-29.1** - Tommi 2007-10-30 13:03:54.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.433 [GMT 2:00]
Running from: C:\Users\Tommi\Desktop\ComboFix.exe
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-09-28 to 2007-10-30 )))))))))))))))))
.

2007-10-29 22:16 <KANSIO> d-------- C:\Program Files\7-Zip
2007-10-29 11:18 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\Grisoft
2007-10-29 11:17 <KANSIO> d-------- C:\Users\All Users\Grisoft
2007-10-29 11:17 <KANSIO> d-------- C:\ProgramData\Grisoft
2007-10-29 11:17 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2007-10-25 13:01 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-10-23 13:30 <KANSIO> d-------- C:\Downloads
2007-10-23 13:30 <KANSIO> d-------- C:\Bases
2007-10-23 11:33 <KANSIO> d-------- C:\Kaspersky
2007-10-23 11:09 51,200 --a------ C:\Windows\NirCmd.exe
2007-10-23 10:51 <KANSIO> d-------- C:\VundoFix Backups
2007-10-23 08:38 <KANSIO> d-------- C:\Program Files\WinSpyControl
2007-10-23 08:38 24,064 --a------ C:\Windows\System32\msxml3a.dll
2007-10-22 11:48 <KANSIO> d-------- C:\Users\All Users\Winamp Toolbar
2007-10-22 11:48 <KANSIO> d-------- C:\Users\All Users\OrbNetworks
2007-10-22 11:48 <KANSIO> d-------- C:\ProgramData\Winamp Toolbar
2007-10-22 11:48 <KANSIO> d-------- C:\ProgramData\OrbNetworks
2007-10-22 11:48 <KANSIO> d-------- C:\Program Files\Winamp Toolbar
2007-10-22 11:47 <KANSIO> d-------- C:\Program Files\Winamp Remote
2007-10-12 21:54 <KANSIO> d-------- C:\Program Files\Essentials Codec Pack
2007-10-12 21:44 <KANSIO> d-------- C:\Program Files\AC3Filter
2007-10-12 21:44 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2007-10-12 21:44 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2007-10-12 19:36 801,144 --a------ C:\Windows\System32\aswBoot.exe
2007-10-12 19:36 95,608 --a------ C:\Windows\System32\AvastSS.scr
2007-10-12 19:36 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2007-10-12 19:36 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2007-10-12 19:36 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2007-10-12 19:35 <KANSIO> d-------- C:\Program Files\Alwil Software
2007-10-12 19:30 0 --a------ C:\Windows\nsreg.dat
2007-10-12 18:54 <KANSIO> d-------- C:\Users\Tommi\AppData\Roaming\uTorrent
2007-10-12 18:54 <KANSIO> d-------- C:\Program Files\uTorrent
2007-10-12 14:29 292,352 --a------ C:\Windows\System32\psisdecd.dll
2007-10-12 14:29 205,824 --a------ C:\Windows\System32\msoeacct.dll
2007-10-12 14:29 87,040 --a------ C:\Windows\System32\msoert2.dll
2007-10-12 14:29 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2007-10-12 14:28 376,320 --a------ C:\Windows\System32\winsrv.dll
2007-10-12 14:28 49,664 --a------ C:\Windows\System32\csrsrv.dll
2007-10-12 14:26 2,048 --a------ C:\Windows\System32\tzres.dll
2007-10-12 14:24 414,208 --a------ C:\Windows\System32\msscp.dll
2007-10-12 14:22 104,448 --a------ C:\Windows\System32\DWWIN.EXE
2007-10-12 14:21 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2007-10-12 14:21 1,686,528 --a------ C:\Windows\System32\gameux.dll
2007-10-12 14:21 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2007-10-12 14:21 2,048 --a------ C:\Windows\System32\msxml3r.dll
2007-10-12 14:17 737,792 --a------ C:\Windows\System32\inetcomm.dll
2007-10-12 14:17 84,480 --a------ C:\Windows\System32\INETRES.dll
2007-10-12 14:16 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-10-12 14:16 152,576 --a------ C:\Windows\System32\imagehlp.dll
2007-10-12 14:16 53,760 --a------ C:\Windows\System32\drivers\hdaudbus.sys
2007-10-12 14:16 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2007-10-12 14:16 5,120 --a------ C:\Windows\System32\wmi.dll
2007-10-12 14:15 2,026,496 --a------ C:\Windows\System32\win32k.sys
2007-10-12 14:15 974,336 --a------ C:\Windows\System32\crypt32.dll
2007-10-12 14:15 750,080 --a------ C:\Windows\System32\qmgr.dll
2007-10-12 14:15 633,856 --a------ C:\Windows\System32\user32.dll
2007-10-11 17:23 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2007-10-11 17:23 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2007-10-11 17:23 53,080 --a------ C:\Windows\System32\wuauclt.exe
2007-10-11 17:23 43,352 --a------ C:\Windows\System32\wups2.dll
2007-10-11 17:22 549,720 --a------ C:\Windows\System32\wuapi.dll
2007-10-11 17:22 163,000 --a------ C:\Windows\System32\wuwebv.dll
2007-10-11 17:22 80,896 --a------ C:\Windows\System32\wudriver.dll
2007-10-11 17:22 33,624 --a------ C:\Windows\System32\wups.dll
2007-10-11 17:22 31,232 --a------ C:\Windows\System32\wuapp.exe
2007-10-11 17:10 <KANSIO> d-------- C:\Program Files\Windows Live Toolbar
2007-10-11 17:08 <KANSIO> d-------- C:\Windows\PCHEALTH
2007-10-11 17:08 <KANSIO> d-------- C:\Program Files\MSN Messenger
2007-09-04 17:56 <KANSIO> d-------- C:\Program Files\directx

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 14:46 7,728 ----a-w C:\Users\Tommi\AppData\Roaming\wklnhst.dat
2007-10-22 09:49 --------- d-----w C:\Program Files\Winamp
2007-10-12 19:44 --------- d-----w C:\Program Files\ffdshow
2007-10-12 14:08 --------- d-----w C:\Program Files\Windows Mail
2007-10-12 14:08 --------- d-----w C:\Program Files\Windows Defender
2007-10-12 14:08 --------- d-----w C:\Program Files\Windows Calendar
2007-10-12 12:30 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-10-12 12:30 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-10-12 12:30 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-10-12 12:30 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-10-12 12:30 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-10-12 12:30 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-10-12 12:30 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-10-12 12:30 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-10-12 12:30 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-10-12 12:30 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-10-12 12:30 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-10-12 12:30 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-10-12 12:30 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-10-12 12:30 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-10-12 12:30 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-10-12 12:30 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-10-12 12:30 134,656 ----a-w C:\Windows\System32\dps.dll
2007-10-12 12:30 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-10-12 12:30 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-10-12 12:23 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-10-12 12:23 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-12 12:23 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-12 12:23 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-10-12 12:23 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-10-12 12:23 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-12 12:23 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-10-12 12:23 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-10-12 12:23 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-12 12:23 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-10-12 12:23 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-10-12 12:23 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-10-12 12:23 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-10-12 12:21 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-10-12 12:21 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-10-12 12:21 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-10-12 12:21 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-10-12 12:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-12 12:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-12 12:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-12 12:18 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-10-12 12:18 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-10-12 12:18 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-10-12 12:18 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-10-12 12:18 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-10-12 12:18 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-10-12 12:18 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-10-12 12:18 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-10-12 12:18 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-10-12 12:18 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-09-04 16:03 --------- d-----w C:\Program Files\Common Files\3DO Shared
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2007-10-30_12.00.14,21 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-30 08:25:23 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-10-30 10:50:10 67,584 --s-a-w C:\Windows\bootstat.dat
- 2007-10-30 08:28:34 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-10-30 10:54:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2007-10-30 08:28:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-10-30 10:54:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-10-30 10:54:11 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2007-10-30 09:20:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-10-30 10:50:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-10-30 09:20:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-30 10:50:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-30 09:20:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-30 10:50:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-10-30 09:54:18 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-10-30 11:03:40 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2007-10-30 08:34:05 112,216 ----a-w C:\Windows\System32\perfc009.dat
+ 2007-10-30 10:58:52 112,216 ----a-w C:\Windows\System32\perfc009.dat
- 2007-10-30 08:34:05 88,622 ----a-w C:\Windows\System32\perfc00B.dat
+ 2007-10-30 10:58:52 88,622 ----a-w C:\Windows\System32\perfc00B.dat
- 2007-10-30 08:34:05 631,670 ----a-w C:\Windows\System32\perfh009.dat
+ 2007-10-30 10:58:52 631,670 ----a-w C:\Windows\System32\perfh009.dat
- 2007-10-30 08:34:05 468,046 ----a-w C:\Windows\System32\perfh00B.dat
+ 2007-10-30 10:58:52 468,046 ----a-w C:\Windows\System32\perfh00B.dat
- 2007-10-30 09:29:01 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2007-10-30 10:12:14 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2007-10-30 08:28:47 8,502 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3191971044-3670548126-80144572-1000_UserData.bin
+ 2007-10-30 10:55:16 8,680 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3191971044-3670548126-80144572-1000_UserData.bin
- 2007-10-30 08:28:47 54,052 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-10-30 10:55:05 54,304 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-10-30 08:28:43 37,168 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-10-30 10:54:56 37,224 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-12 14:27]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 17:37 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 21:43]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 11:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 18:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 22:35]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys
S4 viamraid;viamraid;C:\Windows\system32\drivers\viamraid.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {1B91DBAF-C919-6A57-18E2-C7D7EF4FF08C} /qb
.
'Ajoitetut tehtävät'-kansion sisältö
"2007-10-30 10:36:17 C:\Windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 13:08:06
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 13:10:32
C:\ComboFix2.txt ... 2007-10-30 12:01
C:\ComboFix3.txt ... 2007-10-23 11:19
.
--- E O F ---
syylaZ
Suspended due to non-functional email address
30 October 2007 @ 14:20
Hi again! Could you still confirm and send a message if there are no viruses left!? The computer is a little faster, but even so it would be nice to know that they have definitely all gone :D Thank you so enormously for the help, already in advance! :)
Member
30 October 2007 @ 14:30
Hi!

Good that they're gone.
One more registry value will be removed:

First take a backup of the registry like this:

Run -> regedit -> OK. Then File -> Export. Type some name for it and then Save (and make a note of where you saved it).

Then save the snippet of text below under the name fix.reg, for example in Notepad and for example to the desktop (save as type: All Files).

Quote:
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]


Double-click it and press Yes and OK. Restart the computer.

So, had all those problems disappeared? :) Everything looks OK now.

Now that you are clean, next a few tips on how to reduce the risk of infection. For all of these, either a Finnish-language version and/or a Finnish-language guide is available.

-> Fight malware authors together with others! -> Malware Complaints
The site gives malware victims the opportunity to tell their story and file a complaint about it. Let's fight malware authors together!

-> Empty System Restore -> Instructions
Empty the System Restore folder and create a new restore point. This cleans the restore folder of possible malware remnants.

-> Use CCleaner -> CCleaner
Download and install CCleaner. Clean temporary files and folders with the program regularly.

-> Use Ad-Aware -> Ad-Aware
Download and install Ad-Aware. Update it and scan your computer with it regularly.
Guide available in Finnish! The guide by user Ad-Aware can be found here.

-> Use AVG Anti-Spyware -> AVG Anti-Spyware
Download and install AVG Anti-Spyware. Update it and scan your computer with it regularly.
Guide available in Finnish! (With the Ewido look) The guide by user Axel can be found here.

-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing on your computer. Uses no memory!
Guide available in Finnish! The guide by user Ad-Aware can be found here.

-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your computer's connection to malicious sites.
Guide available in Finnish! The guide by user Axel can be found here.

-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.

-> Keep your system up to date -> Windows Update
Visit here regularly so that you stay up to date with updates.

-> Keep your firewall and antivirus up to date
Update and scan your computer regularly with your antivirus program.
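
The log line that the fix.reg in the post above acts on, as an added example that is not part of the forum posts: a Python sketch that reads ComboFix-style toolbar entries, picks out CLSIDs whose file details are empty (`[ ]`, assumed here to mean ComboFix found no file at that path), and renders the matching `.reg` deletion. The function names and the embedded sample are constructed for this example.

```python
import re

# Constructed sample: the two toolbar value lines from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]
"""

# A registry key header line such as [HKEY_CURRENT_USER\...]
KEY_LINE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# A value line: "{CLSID}"= <file path> [<timestamp and size, or blank>]
VALUE_LINE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"=\s*(.+?)\s*\[(.*)\]\s*$')


def parse_entries(log_text):
    """Return (registry_key, clsid, path, file_info) for every CLSID value line."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_LINE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_LINE.match(line)
        if value_match and current_key:
            clsid, path, info = value_match.groups()
            entries.append((current_key, clsid.upper(), path, info.strip()))
    return entries


def orphaned_clsids(log_text):
    """CLSIDs whose bracketed file details are blank.

    Assumption: a blank [ ] means the referenced file was not found on disk.
    """
    found = []
    for _key, clsid, _path, info in parse_entries(log_text):
        if not info and clsid not in found:
            found.append(clsid)
    return found


def build_reg_fix(clsids):
    """Render .reg text that deletes the CLSID registration key for each id."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid in clsids:
        lines.append("[-HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "]")
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    for key, clsid, path, info in parse_entries(SAMPLE_LOG):
        print("MISSING" if not info else "present", clsid, path)
    print(build_reg_fix(orphaned_clsids(SAMPLE_LOG)))
```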
Member
30 October 2007 @ 14:33
Good that the problems are gone :)
Everything is OK, as I mentioned.

I recommend reading that guide on staying clean :)