How do I get rid of the CID pop-ups?
Rezion
Newbie
12 November 2007 @ 19:33
So these pop-ups started appearing on the screen, and I haven't been able to get rid of them. I thought someone here might be able to help.
Thanks in advance.
Below is the HjT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:14, on 12.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
E:\Asennettu\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Asennettu\Razer\razerhid.exe
C:\WINDOWS\RTHDCPL.EXE
E:\Asennettu\Windows Defender\MSASCui.exe
E:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\NOD32\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\updater\explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Asennettu\Itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Asennettu\DAEMON Tools\daemon.exe
E:\Asennettu\Samurize\Client.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Asennettu\AnyDVD\AnyDVD.exe
C:\DOCUME~1\Arska\LOCALS~1\Temp\ir_ext_temp_14\autorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\NOD32\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
E:\Asennettu\Razer\razertra.exe
E:\Asennettu\Razer\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
E:\Asennettu\foobar2000\foobar2000.exe
C:\WINDOWS\Explorer.EXE
E:\Asennettu\Opera\Opera.exe
E:\Upload\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DeathAdder] e:\Asennettu\Razer\razerhid.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "E:\Asennettu\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DefragTaskBar] "e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Application Data\close poke frag ooze\Knob tons.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Asennettu\Itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "e:\Asennettu\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] E:\Asennettu\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [extra mags] C:\DOCUME~1\Arska\APPLIC~1\FASTST~1\Dent Open.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\Syst
Rezion
Newbie
15 November 2007 @ 18:04
Could someone help? These pop-ups are getting on my nerves. They just keep coming, more and more of them. While you're at it, check whether there's any other c**p on the machine.
tomato71
Suspended due to non-functional email address
15 November 2007 @ 20:23
www.virustorjunta.net
Rezion
Newbie
15 November 2007 @ 20:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:02, on 15.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
E:\Asennettu\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Asennettu\Razer\razerhid.exe
C:\WINDOWS\RTHDCPL.EXE
E:\Asennettu\Windows Defender\MSASCui.exe
E:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\NOD32\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\updater\explorer.exe
E:\Asennettu\Itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Asennettu\DAEMON Tools\daemon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Asennettu\Samurize\Client.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Asennettu\AnyDVD\AnyDVD.exe
C:\DOCUME~1\Arska\LOCALS~1\Temp\ir_ext_temp_9\autorun.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe
E:\Asennettu\Razer\razertra.exe
C:\NOD32\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Asennettu\Razer\razerofa.exe
e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\NOD32\nod32.exe
E:\Asennettu\Opera\Opera.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DeathAdder] e:\Asennettu\Razer\razerhid.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "E:\Asennettu\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DefragTaskBar] "e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Asennettu\Itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "e:\Asennettu\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] E:\Asennettu\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [extra mags] C:\DOCUME~1\Arska\APPLIC~1\FASTST~1\Dent Open.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Client Default.lnk = E:\Asennettu\Samurize\Client.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1185231439125
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshampooDefragService - - e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\NOD32\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5432 bytes
tomato71
Suspended due to non-functional email address
15 November 2007 @ 21:00
hi
and then...
Do a new HJT scan: Do a System scan only
Close all other windows and the browser. Check these lines and click Fix checked
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKCU\..\Run: [extra mags] C:\DOCUME~1\Arska\APPLIC~1\FASTST~1\Dent Open.exe
Download NoLop to your desktop from one of the following links...
Link 1
Link 2
Link 3
Close all programs, because this step requires a reboot
Double-click NoLop.exe to run it
Click the "Search and Destroy" button
<<Your computer will be scanned for infected files>>
When the scan is finished, you will be asked to restart the computer if an infection is found. Click OK
Click the "REBOOT" button.
NoLop should give you a message. If it doesn't, double-click the program and it will finish. Post the contents of the C:\NoLop.log file together with a new HijackThis log.
-- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). Then run the program again.
and then..
1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it will produce a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click around in the ComboFix window while it is running. This may cause the program to hang.
Post C:\NoLop.log + C:\ComboFix.txt + a new HJT log
www.virustorjunta.net
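As an added illustration (not part of the thread or of HijackThis itself), the script below encodes the three things the helper's "Fix checked" list above is reacting to and runs them over a constructed sample of this thread's own O2/O4 lines: a BHO with no file behind it, an explorer.exe living outside the Windows directory, and Run entries pointing into user-profile data folders. The heuristic names and thresholds are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the thread's HijackThis log (a subset of its O2/O4 lines).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "E:\Asennettu\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Application Data\close poke frag ooze\Knob tons.exe
O4 - HKCU\..\Run: [extra mags] C:\DOCUME~1\Arska\APPLIC~1\FASTST~1\Dent Open.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Core Windows binaries whose names adware of this era liked to borrow (explorer.exe under system32\updater here).
SYSTEM_BINARY_NAMES = {"explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                       "services.exe", "smss.exe", "csrss.exe"}
# Where those binaries legitimately live on a default XP install (assumed: C: system drive).
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}
# User-writable profile locations, long and 8.3 short forms, that a Run entry rarely has business in.
USER_DATA_MARKERS = ("application data", "applic~1", "local settings", "locals~1", "\\temp\\")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<file>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    entry: str    # Run value name or BHO CLSID
    reason: str   # why it was flagged
    line: str     # original log line, ready to paste into a "Fix checked" list


def exe_from_command(cmd: str) -> str:
    """Pull the executable path out of a Run value, handling quoted and unquoted forms."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths in these logs contain spaces, so cut at the first ".exe" rather than the first space.
    m = re.match(r"(.*?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage_line(line: str) -> Optional[Finding]:
    """Apply the checks to one HijackThis line; None means nothing stood out."""
    m = O2_RE.match(line)
    if m:
        if m.group("file").strip().lower() == "(no file)":
            return Finding(m.group("clsid"), "BHO registered but its DLL is gone (orphaned entry)", line)
        return None
    m = O4_RE.match(line)
    if not m:
        return None
    exe = exe_from_command(m.group("cmd")).lower()
    parent, _, base = exe.rpartition("\\")
    if base in SYSTEM_BINARY_NAMES and parent not in SYSTEM_DIRS:
        return Finding(m.group("key"), f"{base} launched from a non-system directory: {parent}", line)
    if any(marker in exe for marker in USER_DATA_MARKERS):
        return Finding(m.group("key"), "autostart from a user-writable profile location", line)
    if base == "dumprep":
        return Finding(m.group("key"), "leftover crash-report entry; harmless but safe to remove", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Return the flagged entries of a whole log in the order they appear."""
    return [f for f in (triage_line(l) for l in text.strip().splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.entry}] {f.reason}\n    {f.line}")
```

The flagged lines come out as the same five entries the helper asked to be fixed; anything not matched (Windows Defender, ctfmon.exe, the Java BHO) is left alone.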
Rezion
Newbie
15 November 2007 @ 21:16
Hi.
Here's the HjT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:32, on 15.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
E:\Asennettu\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Asennettu\Razer\razerhid.exe
C:\WINDOWS\RTHDCPL.EXE
E:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\NOD32\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Asennettu\Itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
E:\Asennettu\Samurize\Client.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\Arska\LOCALS~1\Temp\ir_ext_temp_10\autorun.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\NOD32\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
E:\Asennettu\Razer\razertra.exe
E:\Asennettu\Razer\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
E:\Asennettu\Mozilla Firefox\firefox.exe
E:\Asennettu\PacSteamT\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [DeathAdder] e:\Asennettu\Razer\razerhid.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Windows Defender] "E:\Asennettu\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DefragTaskBar] "e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Asennettu\Itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "e:\Asennettu\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] E:\Asennettu\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Client Default.lnk = E:\Asennettu\Samurize\Client.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1185231439125
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshampooDefragService - - e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\NOD32\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 4713 bytes
And the NoLop log as well:
NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\Arska\Työpöytä
[15.11.2007]
[21:17:43]
---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.
---Listing AppData sub directories---
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Ashampoo
C:\Documents and Settings\All Users\Application Data\Ati
C:\Documents and Settings\All Users\Application Data\Close Poke Frag Ooze -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Slysoft
C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
C:\Documents and Settings\All Users\Application Data\Tuneup Software
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Arska\Application Data\Accuraterip
C:\Documents and Settings\Arska\Application Data\Apple Computer
C:\Documents and Settings\Arska\Application Data\Ati
C:\Documents and Settings\Arska\Application Data\Fast Store Mess -- EMPTY Directory
C:\Documents and Settings\Arska\Application Data\Foobar2000
C:\Documents and Settings\Arska\Application Data\Gtk-2.0
C:\Documents and Settings\Arska\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Arska\Application Data\Identities
C:\Documents and Settings\Arska\Application Data\Imgburn
C:\Documents and Settings\Arska\Application Data\Installshield
C:\Documents and Settings\Arska\Application Data\Macromedia
C:\Documents and Settings\Arska\Application Data\Media Player Classic
C:\Documents and Settings\Arska\Application Data\Microsoft
C:\Documents and Settings\Arska\Application Data\Mozilla
C:\Documents and Settings\Arska\Application Data\Teracopy
C:\Documents and Settings\Arska\Application Data\Tuneup Software
C:\Documents and Settings\Arska\Application Data\Utorrent
C:\Documents and Settings\Arska\Application Data\Vlc
C:\Documents and Settings\Arska\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
tomato71
Suspended due to non-functional email address
15 November 2007 @ 21:34
the combo log too....
www.virustorjunta.net
Rezion
Newbie
15 November 2007 @ 21:42
ComboFix 07-11-08.1 - Arska 2007-11-15 21:45:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1442 [GMT 2:00]
Running from: C:\Documents and Settings\Arska\Työpöytä\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Arska\Application Data\macromedia\Flash Player\iforex.com
C:\Documents and Settings\Arska\Application Data\macromedia\Flash Player\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Arska\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Arska\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Arska\Suosikit\Error Cleaner.url
C:\Documents and Settings\Arska\Suosikit\Privacy Protector.url
C:\Documents and Settings\Arska\Suosikit\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-15 to 2007-11-15 )))))))))))))))))
.
2007-11-15 21:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 21:13 848 --a------ C:\delete.bat
2007-11-15 18:54 <KANSIO> d-------- C:\Documents and Settings\Arska\Application Data\uTorrent
2007-11-15 18:40 <KANSIO> d-------- C:\Documents and Settings\Arska\Application Data\Fast Store Mess
2007-11-15 18:30 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-11-13 19:47 <KANSIO> d-------- C:\Program Files\Kaspersky Lab
2007-11-10 15:20 <KANSIO> d-------- C:\Program Files\iPod
2007-11-10 15:18 <KANSIO> d-------- C:\Program Files\QuickTime
2007-11-09 19:48 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-09 19:48 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-09 19:48 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-09 19:48 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-09 19:48 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-09 19:48 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-09 19:48 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-11-09 19:48 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-11-09 19:48 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-11-09 19:23 <KANSIO> d-------- C:\Documents and Settings\Arska\Application Data\TeraCopy
2007-11-08 17:11 <KANSIO> d-------- C:\Program Files\Fast Store Mess
2007-11-06 16:26 <KANSIO> d-------- C:\WINDOWS\system32\updater
2007-11-06 16:21 <KANSIO> d-------- C:\Documents and Settings\Arska\Incomplete
2007-11-06 16:20 <KANSIO> d-------- C:\Program Files\Java
2007-11-06 16:19 <KANSIO> d-------- C:\Program Files\Common Files\Java
2007-11-04 16:54 <KANSIO> d-------- C:\Documents and Settings\Arska\Application Data\ATI
2007-11-04 16:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-11-04 16:54 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-04 16:49 169,856 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys
2007-11-04 16:49 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-11-04 16:49 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-11-04 16:48 <KANSIO> d-------- C:\Program Files\ATI Technologies
2007-11-04 14:09 22,328 --a------ C:\Documents and Settings\Arska\Application Data\PnkBstrK.sys
2007-11-03 10:07 <KANSIO> d-------- C:\temp\byeP393468.tmp
2007-11-03 10:07 <KANSIO> d-------- C:\temp
2007-10-29 17:12 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-29 17:12 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-10-29 17:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-29 12:13 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2007-10-29 10:12 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2007-10-27 20:07 <KANSIO> d-------- C:\Documents and Settings\Arska\Application Data\vlc
2007-10-22 14:44 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-10-22 14:43 <KANSIO> d-------- C:\Program Files\Image-Line
2007-10-22 14:42 <KANSIO> d-------- C:\Program Files\Steinberg
2007-10-22 14:41 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-10-16 19:12 <KANSIO> d-------- C:\WINDOWS\San Andreas Mod Installer
2007-10-16 18:52 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-10-15 12:44 <KANSIO> d-------- C:\Program Files\Common Files\Download Manager
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 19:13 --------- d-----w C:\Documents and Settings\Arska\Application Data\foobar2000
2007-11-13 17:47 --------- d-----w C:\Program Files\Common Files\Kaspersky Lab
2007-11-09 17:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 15:19 --------- d-----w C:\Documents and Settings\Arska\Application Data\gtk-2.0
2007-10-27 18:07 --------- d-----w C:\Documents and Settings\Arska\Application Data\vlc
2007-10-12 16:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-12 16:32 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-11 16:44 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-10-11 16:44 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-10-11 16:44 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-08 13:23 --------- d-----w C:\Program Files\Apple Software Update
2007-10-08 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="e:\Asennettu\Razer\razerhid.exe" [2007-05-07 16:40]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"Windows Defender"="E:\Asennettu\Windows Defender\MSASCui.exe" [2006-11-03 17:20]
"DefragTaskBar"="e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-02-12 11:57]
"nod32kui"="C:\NOD32\nod32kui.exe" [2007-10-11 18:44]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="E:\Asennettu\Itunes\iTunesHelper.exe" [2007-11-02 18:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
"DAEMON Tools"="e:\Asennettu\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"AnyDVD"="E:\Asennettu\AnyDVD\AnyDVD.exe" [2007-06-23 13:13]
C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Kaspersky Anti-Hacker.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe [2006-05-11 16:05:33]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys
S3 CyUsb;Cypress Generic USB Driver;C:\WINDOWS\system32\Drivers\CyUsb.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
'Ajoitetut tehtävät'-kansion sisältö
"2007-11-10 12:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-15 16:57:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- E:\Asennettu\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 21:46:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-15 21:46:50
.
--- E O F ---
tomato71
Suspended due to non-functional email address
15 November 2007 @ 22:06
let's continue...
Delete the folders:
C:\Documents and Settings\All Users\Application Data\Close Poke Frag Ooze
C:\Documents and Settings\Arska\Application Data\Fast Store Mess
First make sure that hidden files are visible.
Show hidden files
Go --> here
When the page has loaded, click the Browse button, find the following file and click Submit.
C:\WINDOWS\system32\updater\explorer.exe
Post the scan results in your next message.
If Jotti is busy, try the same at VirusTotal: http://www.virustotal.com/flash/index_en.html
www.virustorjunta.net
Rezion
Newbie
15 November 2007 @ 22:28
Scan taken on 15 Nov 2007 20:11:01 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
tomato71
Suspended due to non-functional email address
15 November 2007 @ 22:33
and then some more verification
Scan your computer with the Kaspersky Online Scanner
Use Internet Explorer
You will be asked whether you allow the installation of an ActiveX component from Kaspersky; click Yes.
- The program starts and begins downloading the latest signature files.
- When the scanner is installed and the signatures downloaded, click Next.
- Now click the settings, Scan Settings
- Check in the settings that the following are selected:
  o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise select Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
- Click OK
- Now, under the "select a target to scan" heading, select My Computer
- The scan takes time, so be patient. When the scan is finished you will get a notification if your computer is infected.
- Now click the Save as Text button.
- Save the file to your desktop.
- Copy and paste the contents of the file into your next reply.
Post the Kaspersky log and a new HJT log
www.virustorjunta.net
Rezion
Newbie
16 November 2007 @ 00:08
All right.
HjT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:11:34, on 16.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
E:\Asennettu\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Asennettu\Razer\razerhid.exe
C:\WINDOWS\RTHDCPL.EXE
E:\Asennettu\Windows Defender\MSASCui.exe
E:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\NOD32\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Asennettu\Itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Asennettu\DAEMON Tools\daemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Asennettu\Samurize\Client.exe
E:\Asennettu\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\NOD32\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
E:\Asennettu\Razer\razertra.exe
E:\Asennettu\Razer\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Asennettu\Opera\Opera.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [DeathAdder] e:\Asennettu\Razer\razerhid.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Windows Defender] "E:\Asennettu\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DefragTaskBar] "e:\Asennettu\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Asennettu\Itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "e:\Asennettu\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] E:\Asennettu\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Client Default.lnk = E:\Asennettu\Samurize\Client.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1185231439125
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshampooDefragService - - e:\Asennettu\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\NOD32\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 4859 bytes
And here is the Kaspersky one:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 16, 2007 12:11:06 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/11/2007
Kaspersky Anti-Virus database records: 459989
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
G:\
Scan Statistics:
Total number of scanned objects: 109489
Number of viruses found: 3
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 01:08:13
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-07242007-143632.log Object is locked skipped
C:\Documents and Settings\Arska\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\Arska\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\Arska\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped
C:\Documents and Settings\Arska\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Arska\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Arska\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Arska\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5579EAA6-BF7B-4957-9163-C9E5AB3FE3DB} Object is locked skipped
C:\Documents and Settings\Arska\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Arska\Local Settings\Sivuhistoria\History.IE5\MSHist012007111520071116\index.dat Object is locked skipped
C:\Documents and Settings\Arska\Local Settings\Temp\BCG1.tmp Object is locked skipped
C:\Documents and Settings\Arska\Local Settings\Temp\Perflib_Perfdata_a8.dat Object is locked skipped
C:\Documents and Settings\Arska\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Arska\ntuser.dat Object is locked skipped
C:\Documents and Settings\Arska\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\NOD32\cache\CACHE.NDB Object is locked skipped
C:\NOD32\cache\FND0.NFI Infected: Trojan.Win32.Dialer.qn skipped
C:\NOD32\infected\CECOYACA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.dwv skipped
C:\NOD32\infected\CECOYACA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.dwv skipped
C:\NOD32\infected\CECOYACA.NQF NSIS: infected - 2 skipped
C:\NOD32\infected\CECOYACA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\NOD32\infected\CTSTJIBA.NQF/stream/data0004 Infected: Trojan-Downloader.Win32.Zlob.dzf skipped
C:\NOD32\infected\CTSTJIBA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.dzf skipped
C:\NOD32\infected\CTSTJIBA.NQF NSIS: infected - 2 skipped
C:\NOD32\infected\CTSTJIBA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\NOD32\infected\FRI2F5DA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.dwv skipped
C:\NOD32\infected\FRI2F5DA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.dwv skipped
C:\NOD32\infected\FRI2F5DA.NQF NSIS: infected - 2 skipped
C:\NOD32\infected\FRI2F5DA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\NOD32\infected\LHRTKHAA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.dwv skipped
C:\NOD32\infected\LHRTKHAA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.dwv skipped
C:\NOD32\infected\LHRTKHAA.NQF NSIS: infected - 2 skipped
C:\NOD32\infected\LHRTKHAA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\NOD32\infected\MV4YCDDA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.dwv skipped
C:\NOD32\infected\MV4YCDDA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.dwv skipped
C:\NOD32\infected\MV4YCDDA.NQF NSIS: infected - 2 skipped
C:\NOD32\infected\MV4YCDDA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\NOD32\logs\virlog.dat Object is locked skipped
C:\NOD32\logs\warnlog.dat Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\applog.log Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\pktlog.log Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\seclog.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3009275C-5A24-467D-9DCE-5AE5E7037EFC}\RP296\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8D8DC2A5-29DD-4429-BF8A-9CBF0E15FA8A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\Asennettu\Ashampoo Magical Defrag 2\log\log_main.txt Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{3009275C-5A24-467D-9DCE-5AE5E7037EFC}\RP296\change.log Object is locked skipped
Scan process completed.
tomato71
Suspended due to non-functional email address
16 November 2007 @ 00:22
Yep, it's clean.
Everything Kaspersky found is in NOD's quarantine.
Any more problems???
www.virustorjunta.net
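As an added example that is not part of this thread, the following Python script applies the reasoning of the reply above to a report in the Kaspersky Online Scanner layout: "Object is locked" entries are in-use files rather than detections, and detections that sit under the NOD32 quarantine and cache folders (an assumption about where NOD32 keeps already-neutralised samples) are treated as handled, so only a detection outside those folders counts as still active. The sample lines are constructed from the report's own format, plus one made-up Temp path to show the non-clean case.

```python
import re
# AV-managed folders for already-neutralised samples (assumption: NOD32 quarantine and cache).
QUARANTINE_DIRS = ("c:\\nod32\\infected\\", "c:\\nod32\\cache\\")

# One result line: <path>, then "Infected: <family>", "<engine>: infected - N" or
# "Object is locked", then the last action. Paths may contain spaces, so the path is lazy.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:Infected:\s+(?P<family>\S+)"
    r"|(?P<engine>\S+): infected - \d+|Object is locked)\s+skipped$"
)

# Constructed sample in the report's layout; these paths appear in the report above.
SAMPLE_REPORT = """\
Infected Object Name / Virus Name / Last Action
C:\\Documents and Settings\\Arska\\ntuser.dat Object is locked skipped
C:\\NOD32\\cache\\FND0.NFI Infected: Trojan.Win32.Dialer.qn skipped
C:\\NOD32\\infected\\CECOYACA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.dwv skipped
C:\\NOD32\\infected\\CECOYACA.NQF NSIS: infected - 2 skipped
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
Scan process completed.
"""
# A made-up detection outside any quarantine folder (constructed path and name).
ACTIVE_LINE = ("C:\\Documents and Settings\\User\\Local Settings\\Temp\\sample.exe "
               "Infected: Constructed.Test.Sample skipped")

def parse_report(text):
    """Return (path, verdict, name) tuples; verdict is 'locked' or 'infected'."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, statistics and trailer lines name no object
        name = m.group("family") or m.group("engine")
        rows.append((m.group("path"), "infected" if name else "locked", name))
    return rows

def triage(text):
    """Split detections into already-quarantined and active ones; count locked files."""
    summary = {"locked": 0, "quarantined": [], "active": []}
    for path, verdict, name in parse_report(text):
        if verdict == "locked":
            summary["locked"] += 1  # in-use system files, not detections
        elif path.lower().startswith(QUARANTINE_DIRS):
            summary["quarantined"].append((path, name))
        else:
            summary["active"].append((path, name))
    summary["clean"] = not summary["active"]  # clean only if nothing is still active
    return summary
```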
Rezion
Newbie
16 November 2007 @ 00:23
No more problems at all. Thank you very much.
tomato71
Suspended due to non-functional email address
16 November 2007 @ 00:35
Quote, original post by tomato71:
First make sure that hidden files are visible.
Show hidden files
Go --> here
Once the page has loaded, click the Browse button, locate the following file and press Submit.
C:\WINDOWS\system32\updater\explorer.exe
Post the scan results in your next message.
If Jotti is busy, try the same at VirusTotal: http://www.virustotal.com/flash/index_en.html
This file is still a problem: C:\WINDOWS\system32\updater\explorer.exe
Send a copy of it to F-Secure; remember to include your e-mail address, they usually reply fairly quickly.
Here is the link; report the end result (tick the Malware option):
http://www.f-secure.com/samples/index.html
Then sometime tomorrow you can submit that file again to the Jotti/VirusTotal scan if nothing has been heard from F-Secure.
www.virustorjunta.net
Rezion
Newbie
16 November 2007 @ 16:05
Alright. Got a message from F-Secure that the file is clean. So all is well. :)
tomato71
Suspended due to non-functional email address
16 November 2007 @ 16:53
OK, good.
Then everything is in order :D
www.virustorjunta.net