|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Turhia pop-uppeja
|
|
|
Ileh
Newbie
|
4. helmikuuta 2008 @ 19:26 |
Linkki tähän viestiin
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:14, on 4.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5024 bytes
|
|
Ileh
Newbie
|
6. helmikuuta 2008 @ 20:49 |
Linkki tähän viestiin
|
|
Apua! Kiitos.
|
|
Hujo
Suspended permanently
|
7. helmikuuta 2008 @ 01:28 |
Linkki tähän viestiin
|
Lataa VundoFix.exe työpöydällesi.
Tupla-klikkaa VundoFix.exe ajaaksesi sen.
Klikkaa Scan for Vundo valintaa.
Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
Sinulta kysytään haluatko poistaa filut - klikkaa YES.
Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.
Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.
===============
Lataa SmitfraudFix (c) S!Ri
Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:
Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.
Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.
Voiko tietsikka koskaan toimia?
|
|
Ileh
Newbie
|
7. helmikuuta 2008 @ 20:09 |
Linkki tähän viestiin
|
Vundo ei löytäny mitää. Kumma juttu?
Täs smitfraudin logi
SmitFraudFix v2.279
Scan done at 20:07:01,31, to 07.02.2008
Run from C:\Documents and Settings\Master\Ty?p?yt?\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Master
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Master\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Master\Suosikit
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{199B90CC-F75C-462A-B8B0-98CD0B0403A5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{199B90CC-F75C-462A-B8B0-98CD0B0403A5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{199B90CC-F75C-462A-B8B0-98CD0B0403A5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
|
|
Ileh
Newbie
|
8. helmikuuta 2008 @ 18:25 |
Linkki tähän viestiin
|
|
Onko tuossa jotain? VITUTTAA NIIN PERKELEESTI NUO POP-UPIT.
|
|
Hujo
Suspended permanently
|
8. helmikuuta 2008 @ 18:33 |
Linkki tähän viestiin
|
aja tuo vundofix
ja uudelleen nimeä
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <== scanneriksi
=====================
Mene käynnistä -> suorita -> services.msc -> ok
Katso että ei ole viestinvälitys päällä tuplaKlikkaa viestinvälitys kohtaa
jos on päällä laita seis ja alasvetovalikosta ei käytössä
Käytä ja ok
=========
scannaa hjt:llä merkkaa paina Fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
=========
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 8. helmikuuta 2008 @ 18:53
|
|
Ileh
Newbie
|
8. helmikuuta 2008 @ 18:45 |
Linkki tähän viestiin
|
Lainaus, alkuperäisen viestin kirjoitti Hujo:
aja tuo vundofix
ja uudelleen nimeä
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <== scanneriksi
=====================
Mene käynnistä -> suorita -> services.msc -> ok
Katso että ei ole viestinvälitys päällä
jos on päällä laita seis ja alasvetovalikosta ei käytössä
Käytä ja ok
Selitätkö uudelleen ton alun?
|
|
Hujo
Suspended permanently
|
8. helmikuuta 2008 @ 18:48 |
Linkki tähän viestiin
|
Tuoko
Uudelleen nimeäminen
1. Klikkaa hiiren oikealla painikkeella HijackThis ikonia.
2. Valitse Uudelleennineä/ Rename.
3. Kirjoita scanner.exe
laitoin tuonne ylös vielä lisää
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 8. helmikuuta 2008 @ 18:50
|
|
Ileh
Newbie
|
8. helmikuuta 2008 @ 18:59 |
Linkki tähän viestiin
|
luulen et toimi toi hjt fix checked juttu. loppu yhtäkkiä pop-uppien tulo.
Kiitoksia =)
|
|
Hujo
Suspended permanently
|
8. helmikuuta 2008 @ 19:05 |
Linkki tähän viestiin
|
hei tää on vanha versio SmitFraudFix v2.279 poista ja lataa tuosta linkistä uusi ja ajo ohjeen mukaan
Linkki
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 8. helmikuuta 2008 @ 19:06
|
|
Ileh
Newbie
|
8. helmikuuta 2008 @ 19:06 |
Linkki tähän viestiin
|
|
Eipäs auttanutkaan, tuli taas pop-uppi :( Hätäilin jo vähän. Noh, jokin ratkasu on pakko löytää.
|
|
Hujo
Suspended permanently
|
8. helmikuuta 2008 @ 19:08 |
Linkki tähän viestiin
|
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 8. helmikuuta 2008 @ 19:13
|
|
Ileh
Newbie
|
8. helmikuuta 2008 @ 19:14 |
Linkki tähän viestiin
|
Kopsaanko smitfraudin login taas vai mitä meinasit?
SmitFraudFix v2.283
Scan done at 19:09:38,92, pe 08.02.2008
Run from C:\Documents and Settings\Master\Ty?p?yt?\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Master\Työpöytä\VundoFix.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Master
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Master\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Master\Suosikit
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Paketinajoituksen miniportti
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{199B90CC-F75C-462A-B8B0-98CD0B0403A5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{199B90CC-F75C-462A-B8B0-98CD0B0403A5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{199B90CC-F75C-462A-B8B0-98CD0B0403A5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
|
|
Hujo
Suspended permanently
|
8. helmikuuta 2008 @ 19:19 |
Linkki tähän viestiin
|
|
sitten eteenpäin vain
tarkista tuo viestinvälitys ja se uudelleen nimeäminen ja laita hjt:n loki scannaten uusi
Voiko tietsikka koskaan toimia?
|
|
Ileh
Newbie
|
8. helmikuuta 2008 @ 19:23 |
Linkki tähän viestiin
|
Viestinvälitys oli pois käytöstä, laitoin nimen scanneriks ja täs logi
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:21, on 8.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5329 bytes
|
|
Hujo
Suspended permanently
|
8. helmikuuta 2008 @ 19:34 |
Linkki tähän viestiin
|
noooh....
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.
Käynnistä koneesi vikasietotilaan:
sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä
Jossakin koneissa hakataan F8:sin sijasta F5:tä
" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
==========
1.Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix1
combofix2
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
=========
Mitäs ne pop upit on?
Voiko tietsikka koskaan toimia?
|
|
Ileh
Newbie
|
8. helmikuuta 2008 @ 20:21 |
Linkki tähän viestiin
|
SDFix: Version 1.138
Run by XXX on pe 08.02.2008 at 20:09
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\Master\TYPYT~1\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
Could Not Remove C:\WINDOWS\system32\drivers\core.cache.dsk
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 20:14:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a1,29,4c,17,75,4d,84,0e,f5,af,0e,c3,41,19,38,6e,06,d2,78,48,f6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:a1,29,4c,17,75,4d,84,0e,f5,af,0e,c3,41,19,38,6e,06,d2,78,48,f6,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Master\\Ty?p?yt?\\nuuskut.txt"="C:\\Documents and Settings\\Master\\Ty?p?yt?\\nuuskut.txt:*:Enabled:nuuskut"
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
C:\WINDOWS\system32\drivers\core.cache.dsk Found
File Backups: - C:\DOCUME~1\Master\TYPYT~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 14 Sep 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Tue 14 Sep 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 14 Sep 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Tue 14 Sep 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Sun 3 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT7.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\666b695e836da06343cda856c4858ddf\BIT3D.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1095dcf1989563f29249489b5df12215\download\BIT158.tmp"
Tue 2 Oct 2007 115,981 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1311dcccf2dbdfa1f9b146f0c11d0fc5\download\BIT13E.tmp"
Thu 7 Sep 2006 44,287 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18f7de7388f2ecc3ee2c049ee2fc9d0e\download\BIT143.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1b545c6af3a362a0e6fc8cdd2c1cc98c\download\BIT14B.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2a9af77915d50aa8c49a031a1f10b6ff\download\BIT151.tmp"
Sat 31 Mar 2007 670,729 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3082d0faf4ab17888ff73a544582dfd5\download\BIT147.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\35e2767a301c333b8486b013036ee4f6\download\BIT153.tmp"
Fri 1 Jun 2007 19,614 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3b5bc2876ee7228987c0a0d662ec1c40\download\BIT13A.tmp"
Wed 19 Apr 2006 1,053,649 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52d535445a7e6158af3f02ffad4711ed\download\BIT138.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\56f70cca1e2a40d22c814f1bfefc9bb1\download\BIT150.tmp"
Fri 2 Jun 2006 65,496 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d84bce1e6dc6864a3cf8fb4b6fd376a\download\BIT141.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\64280fa1997e4f7f6a00252b4a55a0f8\download\BIT154.tmp"
Sat 2 Dec 2006 171,900 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6a5e0ac81b305e5bbc0293b72ef8338c\download\BIT13D.tmp"
Tue 1 May 2007 159,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6c3b88f4b16cf163a4cea1e14aee9425\download\BIT139.tmp"
Tue 7 Aug 2007 371,630 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7643647af098b499f9f8f36bf81f536d\download\BIT13B.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\79c3ec9e566ab9aff1b04775d258df76\download\BIT149.tmp"
Sat 3 Jun 2006 89,046 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7cde4e92d87f06cc4457a83c3710b62a\download\BIT145.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\83b6df52cdb930a6f939b1d4798b27c5\download\BIT14D.tmp"
Fri 28 Jul 2006 55,420 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\86831e5e925ba02101beff57397757f9\download\BIT146.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a63c9398158ec80701db982bcbd7cca\download\BIT14C.tmp"
Mon 7 Feb 2005 19,452 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9136a9b97bccf847c5b41e7a92b17920\download\BIT13C.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\96156a2ef7a2c5dee8d691fa03c9edb1\download\BIT157.tmp"
Tue 3 Oct 2006 64,340 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a489706e9d5ea7dc3d43b43642a7d51d\download\BIT13F.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a70a26467dba6eddb633f66a1b811ee8\download\BIT156.tmp"
Fri 30 Mar 2007 69,466 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b5be6d028e4dbb6dd6a89ccb6fd68f72\download\BIT142.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6eb675d5f85f7cde20befdb34dbe983\download\BIT148.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cef940f3b263e71524ca627eee33edea\download\BIT14E.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\da1ac56032a36483312d057364518075\download\BIT14A.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3733102018a3400101ffede29e556f9\download\BIT14F.tmp"
Sat 31 Mar 2007 125,293 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e41a589dc265b6b9321428a83ae844bb\download\BIT140.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e9f0c995ce3c4067e6bbdab6d52cf97e\download\BIT155.tmp"
Wed 8 Jun 2005 19,867 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ea0f75676c11484a862a8b83cc7166ab\download\BIT144.tmp"
Sat 2 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee5488f0a0d7c2d3346104b76390be31\download\BIT152.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:17, on 8.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5343 bytes
Teen combon täs seuraavana.
|
|
Ileh
Newbie
|
8. helmikuuta 2008 @ 20:31 |
Linkki tähän viestiin
|
Pop-upit o yleensä mainoksia tai url.adtrgt.com/jotainsössöä joka sisältää ip.osoitteeni ja Firefoxin sivun osoitteen (pop-up siis aukeaa IE:ssä.)
ComboFix 08-02.05.3 - Master 2008-02-08 20:22:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1628 [GMT 2:00]
Running from: C:\Documents and Settings\Master\Työpöytä\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . poisto epäonnistui
.
((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2008-01-08 to 2008-02-08 )))))))))))))))))
.
2008-02-07 19:20 . 2008-02-07 19:20 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\Media Player Classic
2008-02-06 21:04 . 2008-02-06 21:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-06 21:02 . 2008-02-06 21:02 <KANSIO> d-------- C:\Program Files\Zone Labs
2008-02-05 22:44 . 2008-02-05 22:44 <KANSIO> d-------- C:\Program Files\Notebook Hardware Control
2008-02-05 19:05 . 2008-02-08 20:02 <KANSIO> d-------- C:\Program Files\mIRC
2008-02-04 19:19 . 2008-02-04 19:19 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-03 17:12 . 2008-02-03 17:12 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\Grisoft
2008-02-03 17:09 . 2008-02-03 17:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-03 15:01 . 2008-02-03 16:04 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\BSplayer PRO
2008-02-03 15:00 . 2008-02-03 15:00 <KANSIO> d-------- C:\Program Files\Webteh
2008-02-03 14:10 . 2008-02-03 14:10 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-02-03 14:10 . 2008-02-03 14:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 14:09 . 2008-02-03 14:09 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 17:23 . 2008-02-02 17:23 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\DAEMON Tools
2008-02-02 16:09 . 2008-02-02 16:09 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-02 15:50 . 2008-02-02 15:50 <KANSIO> d-------- C:\Documents and Settings\Master\Contacts
2008-02-02 15:32 . 2008-02-02 15:35 <KANSIO> d-------- C:\Program Files\uTorrent
2008-02-02 15:32 . 2008-02-08 20:03 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\uTorrent
2008-02-02 15:28 . 2008-02-06 19:32 <KANSIO> d-------- C:\Program Files\Windows Live
2008-02-02 15:28 . 2008-02-02 15:36 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-02 15:28 . 2008-02-02 15:28 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-02 15:24 . 2008-02-02 15:28 <KANSIO> d-------- C:\Program Files\Winamp
2008-02-02 15:24 . 2008-02-02 16:11 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\Winamp
2008-02-02 15:02 . 2008-02-02 15:13 <KANSIO> d-------- C:\Program Files\CONEXANT
2008-02-02 14:57 . 2008-02-05 19:04 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\mIRC
2008-02-02 14:26 . 2008-02-02 14:26 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-02 13:17 . 2008-02-02 13:17 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-02-01 21:48 . 2008-02-02 15:02 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
2008-02-01 21:48 . 2008-02-01 21:48 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\InstallShield
2008-02-01 21:47 . 2008-02-01 21:47 <KANSIO> d-------- C:\Program Files\Synaptics
2008-02-01 21:47 . 2008-02-01 21:47 <KANSIO> d-------- C:\Program Files\Hp
2008-02-01 21:47 . 2008-02-02 14:56 <KANSIO> d-------- C:\Program Files\Hewlett-Packard
2008-02-01 21:47 . 2008-02-01 23:19 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 18:27 256,032 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-08 18:16 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-02-08 18:12 932 ----a-w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-02-08 17:09 3,686 ----a-w C:\WINDOWS\system32\tmp.reg
2008-02-07 05:05 4,784 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-06 19:03 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-02-06 19:03 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-02-03 13:01 86,144 ----a-w C:\WINDOWS\system32\drivers\beepp.sys
2008-02-02 14:59 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-02 11:31 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-01 22:55 83,456 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-02-01 19:49 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-01 19:49 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-02-01 18:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-27 12:37 81,920 ----a-w C:\WINDOWS\system32\IEDFix.exe
2007-12-24 11:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-14 09:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-05 00:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-04 00:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 21:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 21:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-11 17:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-11-11 17:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-11-11 17:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-11-11 17:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-11-11 17:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-11-11 17:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-11-11 17:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-11-11 17:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-11-11 17:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-11-11 17:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-11-11 17:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-11-11 17:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-11-11 17:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-11-11 17:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-11-11 17:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-11-11 17:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-11-11 17:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-11-11 17:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-11-11 17:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-11-11 17:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-11-11 17:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-11-11 17:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-11-11 17:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-11-11 17:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-11-11 17:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-11-11 17:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-11-11 17:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-11-11 17:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-11-11 17:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-11-11 17:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-11-11 17:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-11-11 17:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-11-11 17:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-11-11 17:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-11-11 17:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-11-11 17:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-11-11 17:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-11-11 17:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-11-11 17:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-11-11 17:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-11-11 17:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-11-11 17:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-11-11 17:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-11-11 17:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-11-11 17:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-11-11 17:51 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-11-11 17:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-11-11 17:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-11-11 17:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-11-11 17:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-11-11 17:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-11-11 17:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-11-11 17:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-11-11 17:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-11-11 17:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-11-11 17:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-11-11 17:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-11-11 17:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-11-11 17:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-11-11 17:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-11-11 17:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-11-11 17:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-11-11 17:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-11-11 17:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-11-11 17:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-11-11 17:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-11-11 17:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-11-11 17:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-11-11 17:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-11-11 17:51 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-11-11 17:51 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-11-11 17:51 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-11-11 17:51 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
.
(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 15:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 13:21 472632]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29 102400]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 14:13 202032]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-11 19:51 8523776]
"nwiz"="nwiz.exe" [2007-11-11 19:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-11 19:51 81920]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-03-23 15:45 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 15:12 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
R1 beepp;beepp;C:\WINDOWS\system32\drivers\beepp.sys [2008-02-03 15:01]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-11-14 11:04]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 20:25:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\sol.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2008-02-08 20:29:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 18:29:23
.
2008-02-05 14:39:25 --- E O F ---
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 8. helmikuuta 2008 @ 20:32
|
|
Hujo
Suspended permanently
|
8. helmikuuta 2008 @ 22:12 |
Linkki tähän viestiin
|
Avaa Notepad ja kopioi/liitä allaolevassa lainausboxissa oleva teksti sinne:
Lainaus:
File::
C:\WINDOWS\system32\drivers\core.cache.dsk
Tallenna se nimellä CFScript
Sitten raahaa CFScript ComboFix.exeen kuten alla.
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
===================
Lataa NoLop työpöydällesi yhdestä seuraavista linkeistä...
Linkki1
Linkki2
Linkki3
1.Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen
2.Tuplaklikkaa NoLop.exe ajaaksesi sen
3.Klikkaa nappulaa "Search and Destroy"
<<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
4, Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy. Klikkaa OK
5. Klikkaa "REBOOT"-painiketta.
6. NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu. Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.
-- Jos saat seuraavan virheen, "mscomctl.ocx or one of its dependencies are not correctly registered," lataa mscomctl.ocx ja tallenna se system32-hakemistoosi (yleensä c:\Windows\system32). Tämän jälkeen aja ohjelma uudestaan.
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 8. helmikuuta 2008 @ 23:12
|
|
Ileh
Newbie
|
8. helmikuuta 2008 @ 23:39 |
Linkki tähän viestiin
|
ComboFix 08-02.05.3 - Master 2008-02-08 23:31:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1577 [GMT 2:00]
Running from: C:\Documents and Settings\Master\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Master\Työpöytä\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\system32\drivers\core.cache.dsk
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . poisto epäonnistui
.
((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2008-01-08 to 2008-02-08 )))))))))))))))))
.
2008-02-08 20:19 . 2004-09-14 15:12 390,656 --a------ C:\kmd.exe
2008-02-08 20:12 . 2008-02-08 20:12 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-02-08 20:08 . 2008-02-08 20:08 <KANSIO> d-------- C:\WINDOWS\ERUNT
2008-02-07 20:06 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-07 20:06 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-07 20:06 . 2008-02-02 00:55 83,456 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-07 20:06 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-07 20:06 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-07 20:06 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-07 20:06 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-07 19:20 . 2008-02-07 19:20 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\Media Player Classic
2008-02-07 19:08 . 2008-02-07 19:08 <KANSIO> d-------- C:\VundoFix Backups
2008-02-06 21:04 . 2008-02-06 21:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-06 21:02 . 2008-02-08 23:34 <KANSIO> d-------- C:\WINDOWS\Internet Logs
2008-02-06 21:02 . 2008-02-06 21:02 <KANSIO> d-------- C:\Program Files\Zone Labs
2008-02-05 22:44 . 2008-02-05 22:44 <KANSIO> d-------- C:\Program Files\Notebook Hardware Control
2008-02-05 22:44 . 2008-02-08 20:27 22,528 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-02-05 19:05 . 2008-02-08 20:31 <KANSIO> d-------- C:\Program Files\mIRC
2008-02-04 19:19 . 2008-02-04 19:19 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-02-03 17:12 . 2008-02-03 17:12 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\Grisoft
2008-02-03 17:10 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-03 17:09 . 2008-02-03 17:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-03 17:00 . 2008-02-08 19:09 3,686 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-03 15:01 . 2008-02-03 16:04 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\BSplayer PRO
2008-02-03 15:01 . 2008-02-03 15:01 86,144 --a------ C:\WINDOWS\system32\drivers\beepp.sys
2008-02-03 15:00 . 2008-02-03 15:00 <KANSIO> d-------- C:\Program Files\Webteh
2008-02-03 14:10 . 2008-02-03 14:10 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-02-03 14:10 . 2008-02-03 14:11 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 14:09 . 2008-02-03 14:09 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 11:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-03 11:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-03 11:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-02 18:20 . 2008-02-02 18:20 27 --a------ C:\WINDOWS\SmartAudio.INI
2008-02-02 17:23 . 2008-02-02 17:23 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\DAEMON Tools
2008-02-02 16:59 . 2008-02-02 16:59 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-02 16:09 . 2008-02-02 16:09 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-02 16:00 . 2008-02-02 16:00 <KANSIO> d-------- C:\f466ba627de55d733607a31c14
2008-02-02 15:50 . 2008-02-02 15:50 <KANSIO> d-------- C:\Documents and Settings\Master\Contacts
2008-02-02 15:47 . 2008-02-02 15:47 268 --ah----- C:\sqmdata00.sqm
2008-02-02 15:47 . 2008-02-02 15:47 244 --ah----- C:\sqmnoopt00.sqm
2008-02-02 15:36 . 2008-02-02 15:36 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-02 15:32 . 2008-02-02 15:35 <KANSIO> d-------- C:\Program Files\uTorrent
2008-02-02 15:32 . 2008-02-08 23:32 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\uTorrent
2008-02-02 15:28 . 2008-02-06 19:32 <KANSIO> d-------- C:\Program Files\Windows Live
2008-02-02 15:28 . 2008-02-02 15:36 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-02 15:28 . 2008-02-02 15:28 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-02 15:24 . 2008-02-02 15:28 <KANSIO> d-------- C:\Program Files\Winamp
2008-02-02 15:24 . 2008-02-02 16:11 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\Winamp
2008-02-02 15:18 . 2008-02-03 22:31 <KANSIO> d--h----- C:\WINDOWS\$hf_mig$
2008-02-02 15:02 . 2008-02-02 15:13 <KANSIO> d-------- C:\Program Files\CONEXANT
2008-02-02 15:02 . 2005-06-22 10:56 110,592 --------- C:\WINDOWS\system32\SmartAudio.cpl
2008-02-02 15:02 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-02-02 15:02 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-02-02 14:57 . 2008-02-05 19:04 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\mIRC
2008-02-02 14:53 . 2008-02-02 14:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-02 14:26 . 2008-02-02 14:26 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-02 14:14 . 2007-11-11 19:51 8,523,776 --a------ C:\WINDOWS\system32\nvcpl.dll
2008-02-02 13:31 . 2008-02-02 13:31 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-02 13:29 . 2008-02-02 13:35 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-02 13:29 . 2008-02-02 13:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-02 13:17 . 2008-02-02 13:17 <KANSIO> d-------- C:\Program Files\Alwil Software
2008-02-02 10:03 . 2006-11-10 10:19 356,352 --a------ C:\WINDOWS\system32\nvusmu.exe
2008-02-02 10:03 . 2006-09-11 17:27 356,352 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-02-02 10:03 . 2007-05-01 08:11 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2008-02-02 10:03 . 2007-04-02 19:06 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu
2008-02-02 10:03 . 2006-09-11 16:14 1,864 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-02-02 10:03 . 2007-01-03 12:20 1,732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-02-02 10:03 . 2006-10-19 10:36 528 --a------ C:\WINDOWS\system32\nvsmu.nvu
2008-02-01 23:18 . 2001-10-05 15:48 96,640 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
2008-02-01 23:18 . 2001-10-05 15:48 96,640 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys
2008-02-01 21:49 . 2008-02-01 21:49 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-01 21:49 . 2008-02-01 21:49 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-02-01 21:48 . 2008-02-02 15:02 <KANSIO> d--h----- C:\Program Files\InstallShield Installation Information
2008-02-01 21:48 . 2008-02-01 21:48 <KANSIO> d-------- C:\Documents and Settings\Master\Application Data\InstallShield
2008-02-01 21:47 . 2008-02-01 21:47 <KANSIO> d-------- C:\Program Files\Synaptics
2008-02-01 21:47 . 2008-02-01 21:47 <KANSIO> d-------- C:\Program Files\Hp
2008-02-01 21:47 . 2008-02-02 14:56 <KANSIO> d-------- C:\Program Files\Hewlett-Packard
2008-02-01 21:47 . 2008-02-01 23:19 <KANSIO> d-------- C:\Program Files\Common Files\InstallShield
2008-02-01 21:47 . 2007-09-14 19:09 213,696 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-02-01 21:47 . 2007-09-14 19:13 196,608 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-02-01 21:47 . 2007-09-14 19:13 163,840 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-02-01 21:47 . 2007-09-14 19:21 147,456 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-02-01 21:47 . 2007-09-14 19:50 110,592 --a------ C:\WINDOWS\system32\SynTPCo4.dll
2008-02-01 21:46 . 2008-02-02 17:17 <KANSIO> d-------- C:\swsetup
2008-02-01 21:24 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 21:32 8,408 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-08 21:32 536,608 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-06 19:03 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-02-06 19:03 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-02-01 18:51 --------- d-----w C:\Program Files\microsoft frontpage
.
(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 15:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 13:21 472632]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29 102400]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 14:13 202032]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-11 19:51 8523776]
"nwiz"="nwiz.exe" [2007-11-11 19:51 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-11 19:51 81920]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-03-23 15:45 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 15:12 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
R1 beepp;beepp;C:\WINDOWS\system32\drivers\beepp.sys [2008-02-03 15:01]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-11-14 11:04]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 23:35:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\mshearts.exe
.
**************************************************************************
.
Completion time: 2008-02-08 23:37:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 21:37:02
ComboFix2.txt 2008-02-08 18:29:40
.
2008-02-05 14:39:25 --- E O F ---
|
|
Hujo
Suspended permanently
|
8. helmikuuta 2008 @ 23:42 |
Linkki tähän viestiin
|
|
ajas toi nolop
Mitäs ne popupit on mitä siellä pomppii
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 8. helmikuuta 2008 @ 23:43
|
|
Ileh
Newbie
|
8. helmikuuta 2008 @ 23:44 |
Linkki tähän viestiin
|
|
noloppi ei löytäny mitää... minkähänlainen pöpö mulla täs koneella oikein on... =D
|
|
Hujo
Suspended permanently
|
8. helmikuuta 2008 @ 23:47 |
Linkki tähän viestiin
|
lataa Silent Runners http://www.silentrunners.org/Silent%20Runners.vbs
? Tallenna ohjelma työpöydällesi.
? Aja Silent Runners kaksoisklikkaamalla "Silent Runners" kuvaketta työpöydälläsi.
? Tekstitiedosto ilmestyy työpöydällesi - skannaus ei ole vielä valmis, anna ohjelman tehdä työnsä
(näyttää kuin ohjelma ei tekisi mitään!)
? Kun saat ilmoituksen "All Done!", kaksoisklikkaa uutta tekstitiedostoa työpöydälläsi, kopioi ja liitä koko loki tänne
*HUOM* Jos sinua varoitetaan skriptien ajamisesta, salli ajo.
================
Kysyn vielä
Mitäs ne popupit on mitä siellä pomppii?
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 8. helmikuuta 2008 @ 23:49
|
|
Ileh
Newbie
|
9. helmikuuta 2008 @ 10:53 |
Linkki tähän viestiin
|
Oon jo ainakin kerran ketjun aikana vastannut kysymykseen...
Pop-uppeja tulee vain silloin kun surffaan IE:llä tai FF:llä. Pop-up aukeaa aina IE:ssä ja n. 50% niistä on jotain mainoksia ja toinen puoli on url.adtrgt.com/(tähän tulee random juttuja mutta erotettavissa on iposoitteeni ja sen hetkinen sivu jolla surffaan, eli jonkinlainen vakoilujuttu?)
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"hpWirelessAssistant" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"SynTPStart" = "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" ["Synaptics, Inc."]
"QlbCtrl" = "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"High Definition Audio Property Page Shortcut" = "CHDAudPropShortcut.exe" ["Windows (R) Server 2003 DDK provider"]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]
"NotebookHardwareControl" = ""C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet" [null data]
"ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Liven kirjautumisapuohjelma"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL -laajennus"
-> {HKLM...CLSID} = "Display Panning CPL -laajennus"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-kuvakkeen tunniste"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Omat jaettavat kansiot"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Maisema.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Maisema.bmp"
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
.NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS]
Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
hpqwmiex, hpqwmiex, ""C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"" ["Hewlett-Packard Development Company, L.P."]
Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu, usnjsvc, ""C:\Program Files\Windows Live\Messenger\usnsvc.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
---------- (launch time: 2008-02-09 10:56:45)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 58 seconds, including 7 seconds for message boxes)
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 9. helmikuuta 2008 @ 11:02
|
|
Mainos
|
|
|
|
Sakuuu
Newbie
|
9. helmikuuta 2008 @ 11:22 |
Linkki tähän viestiin
|
Mulla oli sama core.cache.dsk
Asensin windowsin uudestaan vanhan päälle niin että ohjelmat jäi, niin se lähti, koitin kyllä ensin ettiä kaikenmaailman ohjeita googlesta mut ei toiminu...
tätä kokeilin ainakin mutta ei mulla ollut CORE kansiota
http://www.pchell.com/support/poweredbyzedo.shtml
How to Remove Core.sys
Follow the instructions below to remove core.sys and core.cache.dsk and rid your computer of the "Powered by Zedo" and other ads.
1) Boot into Safe Mode
2) Click on Start, Search, and choose All Files and Folders
3) In the all or part of file name box, type the following
core.sys
4) In the Look In box, choose local hard drives and click Search
5) When core.sys is found in the c:\windows\system32\drivers directory, right-click on it and choose Delete
6) Repeat steps 2-5 for the file core.cache.dsk
7) Close the Search box
8) Click on Start, Run and type REGEDIT and press Enter
9) Click on the Plus sign (+) next to HKEY_LOCAL_MACHINE
10) Click the plus next to SYSTEM
11) Click the plus next to CurrentControlSet
12) Click the plus next to Services
13) Find the folder called CORE and right-click on it and choose Delete
*** WARNING *** If the folder CORE does not exist, dont do anything
14) Close the Registry Editor by clicking on the X in the right-hand corner of the window
15) Reboot your computer in Normal mode
16) Once the computer is rebooted, open your web browser and go to Kaspersky Online Scanner by clicking on the link below.
http://www.kaspersky.com/virusscanner
17) Scan your computer and delete any other files flagged as problems.
Your computer should now be free of these vicious popups.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 9. helmikuuta 2008 @ 11:30
|
|
