Could you take a look at what is unnecessary? Thanks
ekal
Newbie
22 March 2008 @ 18:14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:13, on 22.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {54C62511-2A3C-4E37-8AA6-3B1F033C8918} - (no file)
O2 - BHO: (no name) - {58BD8182-BC5C-46D1-B633-9418BCF5DC13} - (no file)
O2 - BHO: (no name) - {5BE2A6CA-D679-475A-8C80-D2B5F8832DFE} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: (no name) - {69E9BD7B-B213-4D6F-9AEC-DD9DC9020B94} - (no file)
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7804E5DD-9E82-480F-BF0B-D1957F9A1353} - (no file)
O2 - BHO: (no name) - {A70B53E5-CBD1-4251-9D8E-8DCA56A8BC53} - (no file)
O2 - BHO: (no name) - {FA2BDBF6-3219-47AB-BCC4-99E335BE49B9} - (no file)
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab2.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.dnainternet.fi/portaali/Virusskanneri/OLS3/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nnnkjgf - nnnkjgf.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 5456 bytes
Hujo
Suspended permanently
22 March 2008 @ 18:39
There does seem to be a little.
Uninstall via Add/Remove Programs:
FRISK Software
Delete this folder in Safe Mode:
C:\Program Files\FRISK Software
========
Scan with HJT, check the following entries and press Fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {54C62511-2A3C-4E37-8AA6-3B1F033C8918} - (no file)
O2 - BHO: (no name) - {58BD8182-BC5C-46D1-B633-9418BCF5DC13} - (no file)
O2 - BHO: (no name) - {69E9BD7B-B213-4D6F-9AEC-DD9DC9020B94} - (no file)
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - (no file)
O2 - BHO: (no name) - {7804E5DD-9E82-480F-BF0B-D1957F9A1353} - (no file)
O2 - BHO: (no name) - {A70B53E5-CBD1-4251-9D8E-8DCA56A8BC53} - (no file)
O2 - BHO: (no name) - {FA2BDBF6-3219-47AB-BCC4-99E335BE49B9} - (no file)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: nnnkjgf - nnnkjgf.dll (file missing)
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
Copy and paste the text below into an empty Notepad file.
Make sure the file type is "All Files" and save it to your desktop as Poisto.bat.
@echo off
sc stop FPAVServer
sc delete FPAVServer
Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.
===============
Download VundoFix.exe from HERE to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to delete the files - click YES.
After you click Yes, your desktop will go blank as it starts removing Vundo.
When it is done, the fix will tell you that it will restart your computer; click OK.
Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.
Note: It is possible that VundoFix found a file that it could not remove.
In that case, VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo button." when VundoFix appears during the restart.
Can a computer ever work?
This message has been edited since posting. Last edit 22 March 2008 @ 18:39
ekal
Newbie
22 March 2008 @ 20:08
Yep
F-Prot came off directly via Add/Remove Programs without Safe Mode, Vundo did not find any viruses. OK
Here is the new log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:13, on 22.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab2.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.dnainternet.fi/portaali/Virusskanneri/OLS3/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 3841 bytes
Is it OK now?
Hujo
Suspended permanently
22 March 2008 @ 20:28
Scan with HJT, check the following entry and press Fix checked:
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.dnainternet.fi/portaali/Virusskanneri/OLS3/fscax.cab
========
1. Download combofix.exe to your desktop from one of these links:
combofix1
combofix2
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool has finished, it produces a log. Post that log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Can a computer ever work?
ekal
Newbie
22 March 2008 @ 21:23
So it churned out a log like this:
Running from: C:\Documents and Settings\joo\Työpöytä\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMc7872c96.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.ini2
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini2
.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.
2008-03-22 17:37 . 2008-03-22 17:37 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-03-22 16:35 . 2008-03-22 16:35 <KANSIO> d-------- C:\VundoFix Backups
2008-03-20 18:15 . 2008-03-20 18:15 <KANSIO> d-------- C:\WINDOWS\Sun
2008-03-20 15:52 . 2008-03-20 15:52 <KANSIO> d-------- C:\Program Files\Avira
2008-03-20 15:52 . 2008-03-20 15:52 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-18 10:53 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-18 10:52 . 2008-03-18 10:52 <KANSIO> d-------- C:\Program Files\Java
2008-03-18 10:50 . 2008-03-18 10:50 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-03-17 14:10 . 2008-03-17 14:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\FRISK Software
2008-03-16 18:01 . 2008-03-16 18:01 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-03-16 18:01 . 2008-03-16 18:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-15 19:25 . 2008-03-15 19:25 81,920 --------- C:\WINDOWS\bwUnin-6.1.4.55-7681197L.exe
2008-03-15 16:54 . 1998-07-30 18:36 303,616 --a------ C:\WINDOWS\IsUn040b.exe
2008-03-15 16:33 . 2008-03-15 19:47 2,521 --a------ C:\WINDOWS\FSAV.MIF
2008-03-14 14:17 . 2008-03-22 20:36 467 --a------ C:\WINDOWS\wininit.ini
2008-03-14 11:01 . 2008-03-14 11:01 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-13 18:07 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-13 11:59 . 2008-03-13 11:59 <KANSIO> d-------- C:\Program Files\Herosoft
2008-03-13 11:59 . 2008-03-13 14:33 801 --a------ C:\WINDOWS\HEROVCVT.INI
2008-03-12 22:03 . 2008-03-12 22:03 <KANSIO> d-------- C:\Documents and Settings\joo\Application Data\eXPert PDF Reader
2008-03-12 21:53 . 2008-03-12 21:53 <KANSIO> d-------- C:\Documents and Settings\joo\Application Data\Nero
2008-03-12 16:13 . 2000-06-13 20:35 7,530 --a------ C:\WINDOWS\CADX2.INI
2008-03-12 14:23 . 2008-03-12 14:25 <KANSIO> d-------- C:\WINDOWS\NV34083412.TMP
2008-03-12 13:15 . 2008-03-12 16:22 <KANSIO> d-------- C:\Program Files\Real
2008-03-08 21:38 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\wppgchasiomc.sys
2008-03-08 21:16 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\stnlyoqnpeoh.sys
2008-03-08 20:17 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\jmuvkeukjnmn.sys
2008-03-08 20:04 . 2008-03-19 11:38 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-08 20:04 . 2008-03-19 11:38 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-05 10:46 . 2008-03-05 10:46 <KANSIO> d-------- C:\Program Files\MSXML 6.0
2008-03-04 16:13 . 2008-03-04 16:13 <KANSIO> d-------- C:\WINDOWS\system32\fi-FI
2008-03-04 16:08 . 2008-03-05 10:52 <KANSIO> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-04 16:08 . 2008-03-04 16:08 <KANSIO> d-------- C:\Program Files\Reference Assemblies
2008-03-04 16:07 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-04 16:04 . 2008-03-04 16:04 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
2008-03-04 16:04 . 2008-03-04 16:05 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-04 15:59 . 2008-03-04 15:59 <KANSIO> d-------- C:\WINDOWS\system32\URTTemp
2008-02-29 15:41 . 2008-02-29 15:41 <KANSIO> d--h----- C:\BJPrinter
2008-02-27 21:36 . 2008-02-27 21:38 <KANSIO> d-------- C:\WINDOWS\NV2084408.TMP
2008-02-27 21:34 . 2008-02-27 21:34 <KANSIO> d-------- C:\NVIDIA
2008-02-27 20:46 . 2008-02-27 20:46 <KANSIO> d-------- C:\Program Files\SystemRequirementsLab
2008-02-27 15:39 . 2001-10-05 15:59 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-27 15:39 . 2001-10-05 15:59 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-26 21:41 . 2008-03-21 10:05 <KANSIO> d-------- C:\Documents and Settings\joo\Application Data\skypePM
2008-02-26 21:41 . 2008-02-26 21:41 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-26 21:40 . 2008-02-26 21:40 <KANSIO> d-------- C:\Program Files\Skype
2008-02-26 21:40 . 2008-02-26 21:40 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-26 20:31 . 1993-05-12 00:00 398,416 --a------ C:\WINDOWS\VBRUN300.DLL
2008-02-26 17:08 . 2008-02-26 17:08 <KANSIO> d-------- C:\WINDOWS\system32\Quicktime
2008-02-26 17:08 . 2008-02-26 17:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-02-26 14:56 . 2008-02-26 14:56 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-02-26 14:54 . 2004-08-16 22:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6s.DLL
2008-02-26 14:54 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-02-26 14:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-26 14:54 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-26 14:54 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-26 14:54 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-26 14:54 . 2004-08-16 22:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6s.DLL
2008-02-26 12:20 . 2008-02-26 12:20 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2008-02-26 11:20 . 2003-03-15 22:15 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-02-26 11:18 . 2003-11-19 16:54 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-02-26 11:15 . 2008-02-26 11:15 <KANSIO> d---s---- C:\Documents and Settings\joo\UserData
2008-02-26 11:10 . 2002-03-19 09:29 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2008-02-26 11:01 . 2008-02-26 17:57 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-02-26 11:01 . 2003-09-18 14:32 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-26 10:41 . 2008-02-26 10:42 <KANSIO> d-------- C:\WINDOWS\Ulead.dat
2008-02-26 10:41 . 2008-03-11 13:15 493 --a------ C:\WINDOWS\ULead32.ini
2008-02-25 23:37 . 2008-03-17 20:27 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-25 23:36 . 2004-09-14 16:12 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-02-25 23:36 . 2004-09-14 16:12 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-02-25 23:36 . 2004-09-14 16:12 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-02-25 23:36 . 2004-09-14 16:12 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-02-25 23:36 . 2004-09-14 16:12 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-02-25 23:35 . 2005-01-18 17:39 208 --a------ C:\WINDOWS\system32\drivers\vssver.scc
2008-02-25 23:29 . 2008-03-22 19:36 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-25 23:29 . 2008-02-26 10:41 <KANSIO> d-------- C:\Program Files\Nokia
2008-02-25 23:29 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-02-25 23:21 . 2008-03-17 18:02 143 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-25 23:04 . 2002-01-05 14:48 974,848 --------- C:\WINDOWS\system32\MFC70.DLL
2008-02-25 22:59 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-25 22:55 . 2005-07-06 17:12 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
2008-02-25 22:55 . 2005-07-11 16:30 192,817 --------- C:\WINDOWS\UNNeroVision.cfg
2008-02-25 22:55 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-02-25 22:54 . 2008-02-25 22:59 <KANSIO> d-------- C:\Program Files\Ahead
2008-02-25 22:54 . 2008-02-25 22:54 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-25 22:54 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-02-25 22:54 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-02-25 22:54 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-02-25 22:54 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-02-25 22:54 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-02-25 22:54 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-02-25 22:54 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-02-25 22:43 . 2008-02-25 22:43 <KANSIO> d-------- C:\Documents and Settings\joo\WINDOWS
2008-02-25 22:43 . 2008-02-25 22:43 812 --a------ C:\WINDOWS\MEDIAPAQ.INI
2008-02-25 22:29 . 2008-02-25 22:29 200 --a------ C:\WINDOWS\MMSetup.ini
2008-02-25 22:28 . 2008-02-25 22:40 28,164 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-02-25 22:18 . 2008-02-25 22:27 207 --a------ C:\RECache.idx
2008-02-25 22:18 . 2006-01-26 20:22 62 --a------ C:\MMCD.INI
2008-02-25 22:12 . 2008-03-12 13:25 83 --a------ C:\WINDOWS\cdplayer.ini
2008-02-25 21:09 . 2008-02-25 21:09 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 11:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 10:13 --------- d-----w C:\Program Files\IVT Corporation
2008-03-13 20:32 --------- d-----w C:\Program Files\Support Tools
2008-03-12 14:29 --------- d-----w C:\Program Files\Common Files\Real
2008-03-12 11:39 --------- d-----w C:\Program Files\KCeasy
2008-02-28 09:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 09:05 47,920,834 ----a-w C:\asennuksejnälk.reg
2008-02-27 17:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-27 16:57 --------- d-----w C:\Program Files\SopCast
2008-02-26 19:40 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-26 08:40 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-25 21:29 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-25 18:23 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-02-25 15:27 --------- d-----w C:\Program Files\TVUPlayer
2008-02-25 15:01 --------- d-----w C:\Program Files\XviD
2008-02-25 15:01 --------- d-----w C:\Program Files\XP Codec Pack
2008-02-25 15:01 --------- d-----w C:\Program Files\WS_FTP
2008-02-25 15:01 --------- d-----w C:\Program Files\Visagesoft
2008-02-25 15:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-25 15:01 --------- d-----w C:\Program Files\Windows Media Components
2008-02-25 15:01 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-02-25 15:01 --------- d-----w C:\Program Files\Windows Desktop Search
2008-02-25 15:01 --------- d-----w C:\Program Files\Windows Defender
2008-02-25 15:01 --------- d-----w C:\Program Files\WebEye
2008-02-25 15:01 --------- d-----w C:\Program Files\WASEO
2008-02-25 15:01 --------- d-----w C:\Program Files\Ulead Systems
2008-02-25 15:00 --------- d-----w C:\Program Files\ToniArts
2008-02-25 15:00 --------- d-----w C:\Program Files\The Playa
2008-02-25 15:00 --------- d-----w C:\Program Files\SureThing
2008-02-25 15:00 --------- d-----w C:\Program Files\Startup Inspector for Windows
2008-02-25 15:00 --------- d-----w C:\Program Files\SmartSound Software
2008-02-25 15:00 --------- d-----w C:\Program Files\Serif
2008-02-25 15:00 --------- d-----w C:\Program Files\ScanSoft
2008-02-25 15:00 --------- d-----w C:\Program Files\QSuite
2008-02-25 15:00 --------- d-----w C:\Program Files\Plus!
2008-02-25 15:00 --------- d-----w C:\Program Files\Pinnacle Systems
2008-02-25 15:00 --------- d-----w C:\Program Files\Pinnacle
2008-02-25 14:58 --------- d-----w C:\Program Files\PC VGA Camer@
2008-02-25 14:58 --------- d-----w C:\Program Files\Onnenpyörä
2008-02-25 14:58 --------- d-----w C:\Program Files\NimoCodec Pack
2008-02-25 14:57 --------- d-----w C:\Program Files\MUSICMATCH
2008-02-25 14:57 --------- d-----w C:\Program Files\MSECACHE
2008-02-25 14:57 --------- d-----w C:\Program Files\MSBuild
2008-02-25 14:57 --------- d-----w C:\Program Files\MouseWare
2008-02-25 14:57 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-25 14:57 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-25 14:57 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-25 14:57 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-25 14:57 --------- d-----w C:\Program Files\Microsoft
2008-02-25 14:57 --------- d-----w C:\Program Files\Maxtor
2008-02-25 14:57 --------- d-----w C:\Program Files\Logitech
2008-02-25 14:57 --------- d-----w C:\Program Files\JPEGCrops
2008-02-25 14:55 --------- d-----w C:\Program Files\Common Files\PCCamera
2006-01-28 09:33 21 ------w C:\Program Files\AVPersonalAVWIN.INI
2004-03-11 10:27 40,960 ------w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxTrApp"="C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll" [2003-07-18 08:32 247296]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]
"MMTray"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [2002-05-20 19:36 90112]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 21:43 86016 C:\WINDOWS\system32\nvmctray.dll]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-20 15:55 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 15:12 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-25 14:47 219136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^BlueSoleil.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Pinnacle Scheduler.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^joo^Käynnistä-valikko^Ohjelmat^Käynnistys^Registration-PCTV.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^joo^Käynnistä-valikko^Ohjelmat^Käynnistys^UltimateZip Quick Start.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-02-25 14:47 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-09-14 15:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
--------- 2003-05-08 11:34 69632 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KCeasy]
--a------ 2008-02-03 17:59 1276928 C:\Program Files\KCeasy\KCeasy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
--------- 2003-04-10 19:41 49152 C:\Program Files\Pinnacle\Pinnacle PCTV\LaunchList.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--------- 2003-05-08 12:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVRemote]
--------- 2002-10-11 14:40 61440 C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2004-03-10 16:26 406016 C:\WINDOWS\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 08:57 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-12 16:28 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"CCALib8"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"idsvc"=3 (0x3)
"wscsvc"=2 (0x2)
"Browser"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\KCeasy\\giFT\\giFTl.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 19:52]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 21:08:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
.
So there we are again
Hujo
Suspended permanently
22 March 2008 @ 21:25
C:\Program Files\Trend Micro\HijackThis\>> HijackThis.exe <<<
rename it
Renaming
1. Right-click the HijackThis icon.

2. Select Rename (Nimeä uudelleen).

3. Type scanner.exe

Download SDFix by AndyManchesta and save it to your desktop.
Boot your computer into safe mode:
shut down and start up
during startup, tap the F8 key repeatedly
use the arrow keys to select safe mode
press Enter and Enter
select your user account
press Yes
On some machines you tap F5 instead of F8
- Once in safe mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
- Open the SDFix folder and double-click RunThis.bat to start the program.
- Press Y to start the script.
- The tool cleans out the trojan's services and also makes some repairs to the registry. At the end it asks you to restart the computer, "Press any key to Reboot".
- Press any key and the computer restarts.
- Startup takes longer than normal because SDFix is cleaning the machine.
- Once the computer has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
- Then press any key to close the script and load the shortcuts onto the desktop.
- Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
Can a computer ever work?
This post has been edited after posting. Latest edit 22 March 2008 @ 21:30
|
|
ekal
Newbie
|
22 March 2008 @ 21:59 |
|
Nothing special was found.
Here are the lists:
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 21:48:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\KCeasy\\giFT\\giFTl.exe"="C:\\Program Files\\KCeasy\\giFT\\giFTl.exe:*:Disabled:giFT Loader for KCeasy"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\joo\TYPYT~1\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 ..SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 ..SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 ..SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 16 Mar 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 4 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
Hijack list:
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDown.../sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4472 bytes
|
|
Hujo
Suspended permanently
|
22 March 2008 @ 22:20 |
|
The firewall looks like it's Windows' own one, is it turned on?
Can a computer ever work?
|
|
ekal
Newbie
|
22 March 2008 @ 22:24 |
|
|
Yes it is, I had Zone but ran into problems ...
Isn't the default one enough?
|
|
Hujo
Suspended permanently
|
22 March 2008 @ 22:26 |
|
Well, there are some alternatives over there
Link
Can a computer ever work?
|
|
ekal
Newbie
|
22 March 2008 @ 22:37 |
|
|
Thanks a lot and Happy Easter!
|
|