Rebooting and BSoD while the network cable is plugged in
JannutsQ
Newbie
31 May 2008 @ 21:26
So, a few days ago I caught that MSN Messenger virus. I tried scanning the machine a couple of times but couldn't get rid of it. The next day the machine started rebooting itself or throwing this blue screen of death. It doesn't happen, though, if the network cable isn't connected.
On my neighbour's computer I looked up the help and instructions here for removing the Messenger virus with ComboFix and HJT, but I haven't had time to try whether it worked. I got AVG and scanned the machine, and it caught a few viruses, but the problems continue.
The time I can spend online varies from a few minutes to a couple of hours.
Without further ado, my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:52, on 31.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgwdsvc.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgfws8.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgam.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgrsx.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgnsx.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hudhcyeoayxrxbdizekwox.com/YY...n5rd4dA48FI.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\tools\BitCometBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Omistaja\Työpöytä\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgtray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgfws8.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12090 bytes
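Reading a log like the one above by hand means scanning a few hundred lines for the handful that matter. The script below is an added example (not code from this thread and not part of HijackThis) that parses the entry lines and flags the patterns a helper looks for first: a start or search page pointing at a host outside an allowlist, a browser helper object with no name, a Run value that borrows a Windows core binary's name but launches something else, a populated AppInit_DLLs value, and two resident security vendors installed side by side. The sample log is a constructed, abridged set of entries in the same shape as the logs posted in this thread; the trusted-host allowlist, the core-binary list and the vendor strings are assumptions you would extend for your own use.

```python
"""Triage a HijackThis 2.x log: parse the entry lines and flag the ones worth a second look.

Added example for this thread; not part of HijackThis and not code from the original posts.
"""
import re
import shlex
from urllib.parse import urlsplit

# Constructed sample: entries in the same shape as the logs posted in this thread (abridged).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hudhcyeoayxrxbdizekwox.com/YY...n5rd4dA48FI.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {28C1EEFB-DD85-4227-BC29-C17D7366B27D} - C:\WINDOWS\system32\jkkHWOeC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgwdsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Assumption: hosts a stock IE start/search page may legitimately point at; extend per site.
TRUSTED_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}
# Names of Windows core binaries that malware likes to borrow for its Run values.
CORE_BINARIES = ("svchost", "winlogon", "lsass", "csrss", "services", "explorer")
# Vendor strings used to notice two resident security products installed side by side.
AV_VENDORS = ("Symantec", "AVG Technologies")


def parse_entries(text):
    """Yield (kind, body) for every HijackThis entry line, e.g. ('R0', 'HKCU\\...')."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def launched_file(cmd):
    """File name of the program a Run command launches, quotes and arguments stripped."""
    try:
        tokens = shlex.split(cmd, posix=False)  # posix=False keeps Windows backslashes intact
    except ValueError:  # unbalanced quote in the command line
        return ""
    if not tokens:
        return ""
    first = tokens[0].strip('"')
    return first.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def page_host(body):
    """Host named by an R0/R1 'Key,Value = URL' entry, or '' if the value is not a URL."""
    _, sep, value = body.partition(" = ")
    return (urlsplit(value.strip()).hostname or "").lower() if sep else ""


def flag_entry(kind, body):
    """Reason this entry needs review, or None if it looks unremarkable."""
    if kind in ("R0", "R1"):
        host = page_host(body)
        if host and host not in TRUSTED_PAGE_HOSTS:
            return f"browser start/search page points at untrusted host {host}"
    if kind == "O2" and body.startswith("BHO: (no name)"):
        return "unnamed browser helper object: " + body.rsplit(" - ", 1)[-1]
    if kind == "O4":
        m = RUN_RE.match(body)
        if m:
            raw_name, target = m.group("name"), launched_file(m.group("cmd"))
            for core in CORE_BINARIES:
                if core in raw_name.lower() and not target.startswith(core):
                    return f"Run value '{raw_name}' borrows the name {core} but launches {target}"
    if kind == "O20" and body.startswith("AppInit_DLLs:"):
        dll = body.split(":", 1)[1].strip()
        if dll:
            return "AppInit_DLLs is set, so this DLL is loaded into every user32 process: " + dll
    return None


def triage(text):
    """Return a list of (kind, reason) findings for a whole log."""
    findings, vendors = [], set()
    for kind, body in parse_entries(text):
        reason = flag_entry(kind, body)
        if reason:
            findings.append((kind, reason))
        if kind == "O23":
            vendors.update(v for v in AV_VENDORS if v in body)
    if len(vendors) > 1:  # two resident scanners fight over the same hooks; keep one
        findings.append(("O23", "two resident security products installed: " + ", ".join(sorted(vendors))))
    return findings


if __name__ == "__main__":
    for kind, reason in triage(SAMPLE_LOG):
        print(f"{kind:<4} {reason}")
```

Run it against a saved log with `triage(open("hijackthis.log", encoding="utf-8").read())`. The AppInit_DLLs finding is deliberately a "verify" rather than a "remove": antivirus products (here AVG's resident shield DLL) use that key legitimately, so the check only tells you to confirm the DLL belongs to an installed product.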
JannutsQ
Newbie
6 June 2008 @ 17:37
Well then, in the C: folder I noticed there were suspicious-looking programs such as "sexx2", "sxy", "sxy1", "sz", "dci", "dczi", "delme" and "f", as well as a text file "rapport" (with two t's). Could one of them be the cause of the problem?
Hujo
Suspended permanently
6 June 2008 @ 19:13
Uninstall via Add or Remove Programs:

Messenger Plus! 3

Delete this folder in Safe Mode:

C:\Program Files\Messenger Plus! 3

==============

Scan with HJT, check these entries and press Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hudhcyeoayxrxbdizekwox.com/YY...n5rd4dA48FI.htm
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart


=============

You have both AVG 8 and Norton on the machine; remove one of them.

============

1. Download combofix.exe to your desktop from one of these links:
combofix1
combofix2

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post that log in your thread.
Note! Don't click around in the ComboFix window while it is running. That may cause the program to hang.

Can a PC ever work?

This post has been edited after posting. Last edited 6 June 2008 @ 19:13

JannutsQ
Newbie
6 June 2008 @ 22:51
I removed the "R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hudhcyeoayxrxbdizekwox.com/YY...n5rd4dA48FI.htm" entry with HJT, but I didn't see the "O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart" one.
I also removed Norton.

ComboFix log:

ComboFix 08-05-28.4 - janin 2008-06-06 22:18:16.2 - NTFSx86
Running from: C:\Documents and Settings\janin\Työpöytä\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM8708a6b9.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\service.exe
C:\WINDOWS\system32\qmpseddj.ini
C:\WINDOWS\system32\ssqOGayv.dll
C:\WINDOWS\system32\vyaGOqss.ini
C:\WINDOWS\system32\vyaGOqss.ini2
C:\WINDOWS\ups.exe

.
((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))
.

2008-06-06 22:07 . 2008-06-06 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-06 18:25 . 2008-06-06 18:25 57,856 --a------ C:\WINDOWS\system32\pmnnLecy.dll
2008-06-06 18:25 . 2008-06-06 18:25 57,856 --a------ C:\WINDOWS\system32\mlJdabXp.dll
2008-06-06 18:20 . 2008-06-06 18:20 57,856 --a------ C:\WINDOWS\system32\awtsQJAq.dll
2008-06-06 17:58 . 2008-06-06 17:58 127,488 --a------ C:\WINDOWS\system32\fknwpulq.dll
2008-06-06 17:58 . 2008-06-06 17:59 118,272 --a------ C:\WINDOWS\system32\jddespmq.dll
2008-06-06 17:55 . 2008-06-06 17:55 57,856 --a------ C:\WINDOWS\system32\ddcBUnnm.dll
2008-06-06 17:52 . 2008-06-06 17:52 57,856 --a------ C:\WINDOWS\system32\jkkHWOeC.dll
2008-06-06 17:04 . 2008-06-06 17:42 49,156 --a------ C:\sz.exe
2008-06-06 17:03 . 2008-06-06 17:03 2,232 --a------ C:\sexx2.exe
2008-06-06 02:03 . 2008-06-06 12:58 2,232 --a------ C:\f.exe
2008-06-04 04:40 . 2008-06-04 04:40 3,419 --a------ C:\WINDOWS\is154890.exe
2008-05-30 13:10 . 2008-05-30 13:10 <DIR> d-------- C:\Documents and Settings\Omistaja\Application Data\AVGTOOLBAR
2008-05-28 22:27 . 2008-06-04 04:23 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-28 22:23 . 2008-05-28 22:23 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-28 22:23 . 2008-05-29 16:29 <DIR> d-------- C:\Documents and Settings\janin\Application Data\AVGTOOLBAR
2008-05-28 22:23 . 2008-05-28 22:23 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-28 22:23 . 2008-05-28 22:23 74,376 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-28 22:23 . 2008-05-28 22:23 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-28 22:23 . 2008-05-28 22:23 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-28 22:22 . 2008-05-28 22:22 <DIR> d-------- C:\Program Files\AVG
2008-05-28 22:22 . 2008-05-28 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-28 22:22 . 2008-05-28 22:22 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-28 22:22 . 2008-05-28 22:22 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-28 20:25 . 2008-05-28 20:25 40,960 --a------ C:\dczi.exe
2008-05-28 19:27 . 2008-05-28 20:09 56,832 --a------ C:\sxy1.com
2008-05-28 19:20 . 2008-05-28 19:20 56,832 --a------ C:\sxy.com
2008-05-28 18:56 . 2008-05-28 18:56 <DIR> d-------- C:\fsaua.data
2008-05-28 18:47 . 2008-05-28 22:35 40,960 --a------ C:\dci.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 18:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-06 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-06 17:11 --------- d-----w C:\Program Files\Symantec
2008-06-06 09:59 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Skype
2008-06-05 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 21:01 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\helpcreativedart
2008-05-28 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Barbproxyeachgram
2008-05-13 20:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 13:21 --------- d-----w C:\Program Files\Java
2008-05-04 13:18 --------- d-----w C:\Program Files\Common Files\Java
2008-04-28 16:43 --------- d-----w C:\Program Files\Windows Live
2008-04-28 16:43 --------- d-----w C:\Program Files\MSN Messenger
2008-04-28 16:43 --------- d-----w C:\Program Files\Circle Developement
2007-12-20 17:10 24,256 ----a-w C:\Documents and Settings\janin\Application Data\GDIPFONTCACHEV1.DAT
2005-10-02 18:36 24,256 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2005-05-06 18:42 13,195 ----a-w C:\Documents and Settings\Omistaja\ZGUICFGW.DAT
2007-02-26 15:48 56 --sh--r C:\WINDOWS\system32\5086B1D9D3.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-29_18.06.38.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 14:54:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 19:28:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-28 18:59:13 3,580 ----a-w C:\WINDOWS\system32\d3d9caps.dat
+ 2008-06-05 19:10:47 3,580 ----a-w C:\WINDOWS\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28C1EEFB-DD85-4227-BC29-C17D7366B27D}]
2008-06-06 17:52 57856 --a------ C:\WINDOWS\system32\jkkHWOeC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL" [ ]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL [ ]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-24 01:55 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07 114688]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 08:23 90112]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 03:56 483328]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56 4841472]
"nwiz"="nwiz.exe" [2003-08-19 03:56 323584 C:\WINDOWS\system32\nwiz.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 01:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 22:10 335872]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 21:11 139264]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24 217088]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
"WinampAgent"="C:\Documents and Settings\Omistaja\Työpöytä\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG8_TRAY"="C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgtray.exe" [ ]
"Windows svchost"="ups.exe" [2004-09-15 02:12 18432 C:\WINDOWS\system32\ups.exe]
"843b9525"="C:\WINDOWS\system32\jddespmq.dll" [2008-06-06 17:59 118272]
"BM8708a6b9"="C:\WINDOWS\system32\fknwpulq.dll" [2008-06-06 17:58 127488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{28C1EEFB-DD85-4227-BC29-C17D7366B27D}"= C:\WINDOWS\system32\jkkHWOeC.dll [2008-06-06 17:52 57856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWOeC]
jkkHWOeC.dll 2008-06-06 17:52 57856 C:\WINDOWS\system32\jkkHWOeC.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Omistaja^Käynnistä-valikko^Ohjelmat^Käynnistys^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
--a------ 2003-11-11 16:06 155648 C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmenTheAnteCurb]
C:\Documents and Settings\All Users\Application Data\blahdeleteamenthe\open first.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apwheel]
C:\WINDOWS\System32\8176.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bits peak locks body]
C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\Open Hide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hutnvqve]
C:\Program Files\Pglkmv\Ftqd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lies Site]
C:\DOCUME~1\janin\APPLIC~1\HELPCR~1\knobdash.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2004-10-08 11:52 221184 C:\WINDOWS\System32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxwjnq]
C:\WINDOWS\system32\szpdaw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mpitmfwr]
C:\WINDOWS\mpitmfwr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nrlr]
C:\WINDOWS\FNTS~1\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcrqzcv]
C:\WINDOWS\pcrqzcv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 22:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner]
C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
C:\Program Files\webHancer\Programs\whsurvey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zanu]
c:\program files\zangoclient\zanu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zmn]
C:\WINDOWS\zmn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ISSVC"=2 (0x2)
"SBService"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26460:TCP"= 26460:TCP:BitComet 26460 TCP
"26460:UDP"= 26460:UDP:BitComet 26460 UDP
"57843:TCP"= 57843:TCP:Pando P2P TCP Listening Port
"57843:UDP"= 57843:UDP:Pando P2P UDP Listening Port

.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 18:00:00 C:\WINDOWS\Tasks\A921CE35918E43E9.job"
- c:\docume~1\omistaja\applic~1\helpcr~1\Bore data roam.exe
"2008-06-06 18:00:00 C:\WINDOWS\Tasks\A9459A8E906E1312.job"
- c:\docume~1\janin\applic~1\helpcr~1\Bore data roam.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 22:30:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"VTTimer"="VTTimer.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\jkkHWOeC.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\jddespmq.dll
-> C:\WINDOWS\system32\fknwpulq.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2008-06-06 22:37:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-06 19:36:49
ComboFix2.txt 2008-05-29 15:07:04

Pre-Run: 44,911,296,512 bytes free
Post-Run: 44,989,992,960 bytes free

239
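The ComboFix log above is most useful when its sections are read against each other: the deletion list shows C:\WINDOWS\system32\ssqOGayv.dll next to vyaGOqss.ini, whose name is the DLL's name spelled backwards (a pairing characteristic of the Vundo/Virtumonde trojan family; that attribution is stated here, not in the thread), the "Files Created" list shows more eight-letter DLLs dropped in system32 on the day of the scan, and the "Reg Loading Points" section shows exactly those DLLs wired into a browser helper object, a shell execute hook, a winlogon notify package and a Run value, while the Security Center and firewall keys show update warnings suppressed and the firewall off. The script below is an added example (not ComboFix's own code and not from the original posts) that does that correlation: it splits the log into sections and registry keys, pairs DLLs with reversed-name .ini companions, reports every loading point that references a file created in the scan window or a file name in the deletion list, and reads the two posture keys. The sample is a constructed, abridged excerpt in the same line shapes as the log above; it assumes the English ComboFix section banners and the value text ComboFix printed for the two posture keys.

```python
"""Correlate a ComboFix log's file lists with its registry loading points.

Added example for this thread; not ComboFix's own code. It assumes the English ComboFix
section banners ("Other Deletions", "Files Created from ...", "Reg Loading Points") and the
value text ComboFix printed in the log above for the Security Center and firewall keys.
"""
import re
from collections import defaultdict

# Constructed, abridged excerpt in the same line shapes as the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\service.exe
C:\WINDOWS\system32\ssqOGayv.dll
C:\WINDOWS\system32\vyaGOqss.ini
C:\WINDOWS\system32\vyaGOqss.ini2
C:\WINDOWS\ups.exe
.
(((((((((((((((((   Files Created from 2008-05-06 to 2008-06-06   )))))))))))))))))
.
2008-06-06 17:58 . 2008-06-06 17:58 127,488 --a------ C:\WINDOWS\system32\fknwpulq.dll
2008-06-06 17:52 . 2008-06-06 17:52 57,856 --a------ C:\WINDOWS\system32\jkkHWOeC.dll
2008-05-28 22:23 . 2008-05-28 22:23 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-28 22:23 . 2008-05-28 22:23 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
.
((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28C1EEFB-DD85-4227-BC29-C17D7366B27D}]
2008-06-06 17:52 57856 --a------ C:\WINDOWS\system32\jkkHWOeC.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
"Windows svchost"="ups.exe" [2004-09-15 02:12 18432 C:\WINDOWS\system32\ups.exe]
"BM8708a6b9"="C:\WINDOWS\system32\fknwpulq.dll" [2008-06-06 17:58 127488]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{28C1EEFB-DD85-4227-BC29-C17D7366B27D}"= C:\WINDOWS\system32\jkkHWOeC.dll [2008-06-06 17:52 57856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWOeC]
jkkHWOeC.dll 2008-06-06 17:52 57856 C:\WINDOWS\system32\jkkHWOeC.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

BANNER_RE = re.compile(r"^\({5,}\s*(?P<title>.+?)\s*\){5,}$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "created . modified size attrs path" rows of the Files Created section (directories have <DIR>, not a size)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+\S+\s+\S")
NAME_RE = re.compile(r"[\w~-]+\.(?:dll|exe|ini2?)", re.IGNORECASE)
# (key fragment, value text as ComboFix prints it, meaning) for the two posture keys in the log.
POSTURE_CHECKS = (
    ("security center", '"UpdatesDisableNotify"=dword:00000001', "Security Center update warnings suppressed"),
    ("firewallpolicy\\standardprofile", '"EnableFirewall"= 0', "Windows Firewall disabled"),
)


def parse(text):
    """Yield (section title, registry key, line) for every content line of the log."""
    section = key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = BANNER_RE.match(line)
        if banner:
            section, key = banner.group("title"), ""
            continue
        reg_key = KEY_RE.match(line)
        if reg_key:
            key = reg_key.group("key")
            continue
        yield section, key, line


def names_in(line):
    """Bare file names (name.ext) mentioned anywhere on a line."""
    return set(NAME_RE.findall(line))


def analyse(text):
    """Cross-reference deletions, created files, loading points and posture keys."""
    deleted, created, posture = set(), set(), []
    loading = defaultdict(set)  # registry key -> file names referenced under it
    for section, key, line in parse(text):
        if key:
            loading[key] |= names_in(line)
            for key_part, value_text, meaning in POSTURE_CHECKS:
                if key_part in key.lower() and line.startswith(value_text):
                    posture.append(meaning)
        elif "Deletions" in section:
            deleted |= names_in(line)
        elif CREATED_RE.match(line):
            created |= names_in(line)
    everything = deleted | created | set().union(*loading.values())
    stem = {n: n.rsplit(".", 1)[0] for n in everything}
    ini_stems = {stem[n] for n in everything if n.lower().endswith((".ini", ".ini2"))}
    # A DLL whose companion .ini carries the DLL's name spelled backwards.
    reversed_pairs = sorted((n, stem[n][::-1]) for n in everything
                            if n.lower().endswith(".dll") and stem[n][::-1] in ini_stems)
    findings = []
    for key, names in loading.items():
        for n in sorted(names):
            if n in created:
                findings.append((key, n, "file created in the scan window"))
            elif n in deleted:
                findings.append((key, n, "file name is in the deletion list"))
    return {"reversed_pairs": reversed_pairs, "loading_points": findings, "posture": posture}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for dll, ini_stem in result["reversed_pairs"]:
        print(f"reversed-name pair: {dll} <-> {ini_stem}.ini")
    for key, name, why in result["loading_points"]:
        print(f"{why}: {name}  under [{key}]")
    for meaning in result["posture"]:
        print("posture:", meaning)
```

Two of its findings are "verify" rather than "remove": avgrsstx.dll under AppInit_DLLs was created in the window because AVG was installed then, and the "Windows svchost" Run value matches ups.exe by name only (ComboFix deleted C:\WINDOWS\ups.exe, while the value now resolves to a copy in system32), so the value is the thing to check in the next HijackThis log, not the file.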
JannutsQ
Newbie
6 June 2008 @ 22:58
Here is also the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:44, on 6.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\janin\Työpöytä\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {28C1EEFB-DD85-4227-BC29-C17D7366B27D} - C:\WINDOWS\system32\jkkHWOeC.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\tools\BitCometBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL (file missing)
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Omistaja\Työpöytä\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgtray.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [843b9525] rundll32.exe "C:\WINDOWS\system32\jddespmq.dll",b
O4 - HKLM\..\Run: [BM8708a6b9] Rundll32.exe "C:\WINDOWS\system32\fknwpulq.dll",s
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgpp.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkHWOeC - C:\WINDOWS\SYSTEM32\jkkHWOeC.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgwdsvc.exe (file missing)
O23 - Service: AVG8 Firewall (avgfws8) - Unknown owner - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgfws8.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9175 bytes
Hujo
Suspended permanently
6 June 2008 @ 23:13
Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\sz.exe
C:\sexx2.exe
C:\f.exe
C:\WINDOWS\is154890.exe
C:\dczi.exe
C:\sxy1.com
C:\sxy.com
C:\dci.exe
C:\WINDOWS\system32\jkkHWOeC.dll
C:\WINDOWS\system32\jddespmq.dll
C:\WINDOWS\system32\fknwpulq.dll


Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.



Restart the computer when prompted and post the contents of combofix.txt here.

=============

It looks like your antivirus protection is not in order;
check that side of things now.

Can a computer ever work?
JannutsQ
Newbie
7 June 2008 @ 00:02
Right, I moved AVG to a USB stick a few days ago, when that BSoD suggested removing recently installed programs. I'll have to put it back.

ComboFix log:
JannutsQ
Newbie
7 June 2008 @ 00:06
Agh, I misclicked, and apparently newbies aren't allowed to edit their posts..

Log:

ComboFix 08-05-28.4 - janin 2008-06-06 23:39:43.3 - NTFSx86
Running from: C:\Documents and Settings\janin\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\janin\Työpöytä\CFScript.txt

FILE ::
C:\dci.exe
C:\dczi.exe
C:\f.exe
C:\sexx2.exe
C:\sxy.com
C:\sxy1.com
C:\sz.exe
C:\WINDOWS\is154890.exe
C:\WINDOWS\system32\fknwpulq.dll
C:\WINDOWS\system32\jddespmq.dll
C:\WINDOWS\system32\jkkHWOeC.dll
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dci.exe
C:\dczi.exe
C:\f.exe
C:\sexx2.exe
C:\sxy.com
C:\sxy1.com
C:\sz.exe
C:\WINDOWS\is154890.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\fknwpulq.dll
C:\WINDOWS\system32\jddespmq.dll
C:\WINDOWS\system32\jkkHWOeC.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-06 to 2008-06-06 )))))))))))))))))
.

2008-06-06 22:37 . 2008-06-06 22:37 294 ---hs---- C:\WINDOWS\system32\qmpseddj.ini
2008-06-06 22:37 . 2008-06-06 22:37 0 --a------ C:\WINDOWS\BM8708a6b9.xml
2008-06-06 22:07 . 2008-06-06 22:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-06 18:25 . 2008-06-06 18:25 57,856 --a------ C:\WINDOWS\system32\pmnnLecy.dll
2008-06-06 18:25 . 2008-06-06 18:25 57,856 --a------ C:\WINDOWS\system32\mlJdabXp.dll
2008-06-06 18:20 . 2008-06-06 18:20 57,856 --a------ C:\WINDOWS\system32\awtsQJAq.dll
2008-06-06 17:55 . 2008-06-06 17:55 57,856 --a------ C:\WINDOWS\system32\ddcBUnnm.dll
2008-05-30 13:10 . 2008-05-30 13:10 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\AVGTOOLBAR
2008-05-28 22:27 . 2008-06-04 04:23 <KANSIO> d--h----- C:\$AVG8.VAULT$
2008-05-28 22:23 . 2008-05-28 22:23 <KANSIO> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-28 22:23 . 2008-05-29 16:29 <KANSIO> d-------- C:\Documents and Settings\janin\Application Data\AVGTOOLBAR
2008-05-28 22:23 . 2008-05-28 22:23 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-28 22:23 . 2008-05-28 22:23 74,376 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-28 22:23 . 2008-05-28 22:23 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-28 22:23 . 2008-05-28 22:23 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-28 22:22 . 2008-05-28 22:22 <KANSIO> d-------- C:\Program Files\AVG
2008-05-28 22:22 . 2008-05-28 22:22 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-28 22:22 . 2008-05-28 22:22 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-28 22:22 . 2008-05-28 22:22 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-28 18:56 . 2008-05-28 18:56 <KANSIO> d-------- C:\fsaua.data

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 18:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-06 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-06 17:11 --------- d-----w C:\Program Files\Symantec
2008-06-06 09:59 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Skype
2008-06-05 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 21:01 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\helpcreativedart
2008-05-28 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Barbproxyeachgram
2008-05-13 20:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 13:21 --------- d-----w C:\Program Files\Java
2008-05-04 13:18 --------- d-----w C:\Program Files\Common Files\Java
2008-04-28 16:43 --------- d-----w C:\Program Files\Windows Live
2008-04-28 16:43 --------- d-----w C:\Program Files\MSN Messenger
2008-04-28 16:43 --------- d-----w C:\Program Files\Circle Developement
2007-12-20 17:10 24,256 ----a-w C:\Documents and Settings\janin\Application Data\GDIPFONTCACHEV1.DAT
2005-10-02 18:36 24,256 ----a-w C:\Documents and Settings\Omistaja\Application Data\GDIPFONTCACHEV1.DAT
2005-05-06 18:42 13,195 ----a-w C:\Documents and Settings\Omistaja\ZGUICFGW.DAT
2007-02-26 15:48 56 --sh--r C:\WINDOWS\system32\5086B1D9D3.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-29_18.06.38.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 14:54:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 20:44:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-28 18:59:13 3,580 ----a-w C:\WINDOWS\system32\d3d9caps.dat
+ 2008-06-05 19:10:47 3,580 ----a-w C:\WINDOWS\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL" [ ]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL [ ]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-24 01:55 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 08:07 114688]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 08:23 90112]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 03:56 483328]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56 4841472]
"nwiz"="nwiz.exe" [2003-08-19 03:56 323584 C:\WINDOWS\system32\nwiz.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 01:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 22:10 335872]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 21:11 139264]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24 217088]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
"WinampAgent"="C:\Documents and Settings\Omistaja\Työpöytä\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG8_TRAY"="C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgtray.exe" [ ]
"Windows svchost"="ups.exe" [2004-09-15 02:12 18432 C:\WINDOWS\system32\ups.exe]
"843b9525"="C:\WINDOWS\system32\jddespmq.dll" [ ]
"BM8708a6b9"="C:\WINDOWS\system32\fknwpulq.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWOeC]
jkkHWOeC.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Omistaja^Käynnistä-valikko^Ohjelmat^Käynnistys^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
--a------ 2003-11-11 16:06 155648 C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmenTheAnteCurb]
C:\Documents and Settings\All Users\Application Data\blahdeleteamenthe\open first.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apwheel]
C:\WINDOWS\System32\8176.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bits peak locks body]
C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\Open Hide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hutnvqve]
C:\Program Files\Pglkmv\Ftqd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lies Site]
C:\DOCUME~1\janin\APPLIC~1\HELPCR~1\knobdash.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2004-10-08 11:52 221184 C:\WINDOWS\System32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxwjnq]
C:\WINDOWS\system32\szpdaw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mpitmfwr]
C:\WINDOWS\mpitmfwr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nrlr]
C:\WINDOWS\FNTS~1\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcrqzcv]
C:\WINDOWS\pcrqzcv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 22:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner]
C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
C:\Program Files\webHancer\Programs\whsurvey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zanu]
c:\program files\zangoclient\zanu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zmn]
C:\WINDOWS\zmn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ISSVC"=2 (0x2)
"SBService"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26460:TCP"= 26460:TCP:BitComet 26460 TCP
"26460:UDP"= 26460:UDP:BitComet 26460 UDP
"57843:TCP"= 57843:TCP:Pando P2P TCP Listening Port
"57843:UDP"= 57843:UDP:Pando P2P UDP Listening Port

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-06 20:00:00 C:\WINDOWS\Tasks\A921CE35918E43E9.job"
- c:\docume~1\omistaja\applic~1\helpcr~1\Bore data roam.exe
"2008-06-06 20:00:00 C:\WINDOWS\Tasks\A9459A8E906E1312.job"
- c:\docume~1\janin\applic~1\helpcr~1\Bore data roam.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 23:46:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"VTTimer"="VTTimer.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
.
**************************************************************************
.
Completion time: 2008-06-06 23:56:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-06 20:56:00
ComboFix2.txt 2008-06-06 19:37:10
ComboFix3.txt 2008-05-29 15:07:04

Pre-Run: 45,000,507,392 tavua vapaana
Post-Run: 44,986,617,856 tavua vapaana

235
Hujo
Suspended permanently
7 June 2008 @ 00:14
Scan a new HJT log

Can a computer ever work?
JannutsQ
Newbie
7 June 2008 @ 00:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:18:49, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\janin\Työpöytä\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\tools\BitCometBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL (file missing)
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Omistaja\Työpöytä\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgtray.exe
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [843b9525] rundll32.exe "C:\WINDOWS\system32\jddespmq.dll",b
O4 - HKLM\..\Run: [BM8708a6b9] Rundll32.exe "C:\WINDOWS\system32\fknwpulq.dll",s
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgpp.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkHWOeC - jkkHWOeC.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgwdsvc.exe (file missing)
O23 - Service: AVG8 Firewall (avgfws8) - Unknown owner - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgfws8.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9105 bytes
Hujo
Suspended permanently
7 June 2008 @ 00:46
Open Notepad and copy/paste the contents of the quote box into it:

Quote:
File::
C:\WINDOWS\ups.exe
C:\WINDOWS\system32\jddespmq.dll
C:\WINDOWS\system32\fknwpulq.dll


Save it as CFScript.txt

Then drag CFScript onto ComboFix.exe as shown below.



Restart the computer when prompted and post the contents of combofix.txt here.

=========

Scan with HJT, check the following entries and press Fix checked:

O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [843b9525] rundll32.exe "C:\WINDOWS\system32\jddespmq.dll",b
O4 - HKLM\..\Run: [BM8708a6b9] Rundll32.exe "C:\WINDOWS\system32\fknwpulq.dll",s
O20 - Winlogon Notify: jkkHWOeC - jkkHWOeC.dll (file missing)

==========

Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. Finally, make sure the following are selected: Update Malwarebytes' Anti-Malware and
Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. A log then opens in Notepad. Save it somewhere you can find it easily. The log
can also be found at: C:\Documents and Settings\Username\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.


Can a computer ever work?
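The four entries the helper ticked for "Fix checked" above share a few mechanical tells (a random-named system32 DLL loaded through rundll32 with a one-letter export, a bare executable under a Windows-sounding value name, a Winlogon Notify hook whose DLL is gone). As an added example, not code from the thread or from HijackThis, the following script applies those checks to pasted HJT log lines; the look-alike keyword list and the sample lines are constructed for this example.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not code from the thread or from HijackThis. It encodes the
patterns the helper picked for "Fix checked" so they can be checked
mechanically over a pasted log. The look-alike keyword list is a constructed
heuristic, not a HijackThis rule.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines of the kinds that appear in this thread, plus
# benign neighbours that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows svchost] ups.exe
O4 - HKLM\..\Run: [843b9525] rundll32.exe "C:\WINDOWS\system32\jddespmq.dll",b
O4 - HKLM\..\Run: [BM8708a6b9] Rundll32.exe "C:\WINDOWS\system32\fknwpulq.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O20 - Winlogon Notify: jkkHWOeC - jkkHWOeC.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgwdsvc.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


# O4 Run entry: value name in brackets, then the command line.
O4_RUN_RE = re.compile(r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# rundll32 invocation: DLL (optionally quoted), a comma, then the export name.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<entry>\S+)$',
                       re.IGNORECASE)
# Winlogon Notify hook: registry key name, then the DLL it points at.
O20_NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.+)$')

# Heuristic (constructed for this example): value names that borrow the name
# of a Windows component while launching a bare executable with no path.
LOOKALIKE_WORDS = ('svchost', 'windows', 'microsoft', 'system')


def triage_line(line: str):
    """Return a Finding for a suspicious line, or None if nothing matched."""
    line = line.strip()
    m = O4_RUN_RE.match(line)
    if m:
        name, cmd = m.group('name'), m.group('cmd').strip()
        r = RUNDLL_RE.match(cmd)
        if r:
            # Vundo-style loader: random-named DLL in system32, one-letter export.
            if 'system32' in r.group('dll').lower() and len(r.group('entry')) == 1:
                return Finding(line, 'rundll32 loads a system32 DLL through a one-letter export')
            return None
        exe = cmd.split()[0].strip('"') if cmd else ''
        if (exe.lower().endswith('.exe') and '\\' not in exe
                and any(w in name.lower() for w in LOOKALIKE_WORDS)):
            return Finding(line, 'bare executable with a Windows-component look-alike name')
        return None
    m = O20_NOTIFY_RE.match(line)
    if m and m.group('dll').endswith('(file missing)'):
        # Orphaned Winlogon hook: the DLL is gone but the registration remains.
        return Finding(line, 'Winlogon Notify entry whose DLL is missing')
    # O23 "(file missing)" alone is not flagged: the first log in this thread
    # shows AVG's own services that way, and they resolved once AVG was set up.
    return None


def triage_log(text: str):
    """Run triage_line over every line and collect the findings in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def fix_checked_list(text: str):
    """The lines one would tick for 'Fix checked' in HijackThis."""
    return [f.line for f in triage_log(text)]


if __name__ == '__main__':
    for f in triage_log(SAMPLE_LOG):
        print(f'{f.reason}:\n    {f.line}')
```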
JannutsQ
Newbie
7 June 2008 @ 03:03
I installed that Malwarebytes, but while updating it complained about Runtime error 53, or something like that, and didn't update. In any case, I ran the scan and here's the log:

Malwarebytes' Anti-Malware 1.14
Tietokantaversio: 800

2:57:38 7.6.2008
mbam-log-6-7-2008 (02-57-38).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 197158
Kulunut aika: 1 hour(s), 46 minute(s), 1 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 5
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 7

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CLASSES_ROOT\s300.s300mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\s300.s300mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{28f85800-2969-4966-8894-eda174875e71} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcBUnnm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnLecy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtsQJAq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJdabXp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_RON_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
JannutsQ
Newbie
7 June 2008 @ 03:08
Here's the HjT log taken after the Malwarebytes scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:37, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgrsx.exe
C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgrsx.exe
C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgrsx.exe
C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\VLC\vlc.exe
C:\Documents and Settings\janin\Työpöytä\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\tools\BitCometBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Omistaja\Työpöytä\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgtray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgfws8.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9023 bytes
Hujo
Suspended permanently
7 June 2008 @ 03:11
Download NoLop to your desktop from one of the following links...
Link 1
Link 2
Link 3

1. Close all programs, because this step requires a restart
2. Double-click NoLop.exe to run it
3. Click the "Search and Destroy" button
<<Your computer is scanned for infected files>>
4. When the scan is finished, you will be asked to restart the computer if an infection is found. Click OK
5. Click the "REBOOT" button.
6. NoLop should give a message. If not, double-click the program and it will complete. Post the contents of C:\NoLop.log together with a new HijackThis log.
-- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). Then run the program again.


Can a computer ever work?
JannutsQ
Newbie
7 June 2008 @ 03:51
NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\janin\Työpöytä
[7.6.2008]
[3:27:53]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A921CE35918E43E9.job
C:\WINDOWS\tasks\A9459A8E906E1312.job

Beginning Removal...
Rebooting...

Beginning Removal...
Rebooting...

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg8
C:\Documents and Settings\All Users\Application Data\Barbproxyeachgram
C:\Documents and Settings\All Users\Application Data\Blahdeleteamenthe
C:\Documents and Settings\All Users\Application Data\Flexnet
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Hewlett-packard
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Intervideo
C:\Documents and Settings\All Users\Application Data\Knob Intra Body Noun -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Malwarebytes
C:\Documents and Settings\All Users\Application Data\Messenger Plus! -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Motive
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Wildtangent
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intertrust
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Sonic
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Symantec
C:\Documents and Settings\Janin\Application Data\.bittorrent
C:\Documents and Settings\Janin\Application Data\Adobe
C:\Documents and Settings\Janin\Application Data\Atari
C:\Documents and Settings\Janin\Application Data\Avgtoolbar
C:\Documents and Settings\Janin\Application Data\Azureus
C:\Documents and Settings\Janin\Application Data\Canon -- EMPTY Directory
C:\Documents and Settings\Janin\Application Data\Corel
C:\Documents and Settings\Janin\Application Data\Creative
C:\Documents and Settings\Janin\Application Data\Documents And Settings -- EMPTY Directory
C:\Documents and Settings\Janin\Application Data\Fretsonfire
C:\Documents and Settings\Janin\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Janin\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Janin\Application Data\Helpcreativedart
C:\Documents and Settings\Janin\Application Data\Identities
C:\Documents and Settings\Janin\Application Data\Intertrust
C:\Documents and Settings\Janin\Application Data\Intervideo
C:\Documents and Settings\Janin\Application Data\Lavasoft
C:\Documents and Settings\Janin\Application Data\Macromedia
C:\Documents and Settings\Janin\Application Data\Malwarebytes
C:\Documents and Settings\Janin\Application Data\Microsoft
C:\Documents and Settings\Janin\Application Data\Motive
C:\Documents and Settings\Janin\Application Data\Mount&blade
C:\Documents and Settings\Janin\Application Data\Mozilla
C:\Documents and Settings\Janin\Application Data\Nexon
C:\Documents and Settings\Janin\Application Data\Opera
C:\Documents and Settings\Janin\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Janin\Application Data\Skype
C:\Documents and Settings\Janin\Application Data\Sonic
C:\Documents and Settings\Janin\Application Data\Sun
C:\Documents and Settings\Janin\Application Data\Symantec
C:\Documents and Settings\Janin\Application Data\Vlc
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Symantec
C:\Documents and Settings\Localservice\Application Data\Webroot
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Symantec
C:\Documents and Settings\Omistaja\Application Data\.bittorrent
C:\Documents and Settings\Omistaja\Application Data\Adobe
C:\Documents and Settings\Omistaja\Application Data\Apple Computer
C:\Documents and Settings\Omistaja\Application Data\Atari
C:\Documents and Settings\Omistaja\Application Data\Avgtoolbar -- EMPTY Directory
C:\Documents and Settings\Omistaja\Application Data\Azureus
C:\Documents and Settings\Omistaja\Application Data\Canon -- EMPTY Directory
C:\Documents and Settings\Omistaja\Application Data\Corel
C:\Documents and Settings\Omistaja\Application Data\Creative
C:\Documents and Settings\Omistaja\Application Data\Dvdcss
C:\Documents and Settings\Omistaja\Application Data\Fotowire
C:\Documents and Settings\Omistaja\Application Data\Fretsonfire
C:\Documents and Settings\Omistaja\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Omistaja\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Omistaja\Application Data\Helpcreativedart
C:\Documents and Settings\Omistaja\Application Data\Identities
C:\Documents and Settings\Omistaja\Application Data\Intertrust
C:\Documents and Settings\Omistaja\Application Data\Intervideo
C:\Documents and Settings\Omistaja\Application Data\Last.fm
C:\Documents and Settings\Omistaja\Application Data\Lavasoft
C:\Documents and Settings\Omistaja\Application Data\Leadertech
C:\Documents and Settings\Omistaja\Application Data\Macromedia
C:\Documents and Settings\Omistaja\Application Data\Microsoft
C:\Documents and Settings\Omistaja\Application Data\Motive
C:\Documents and Settings\Omistaja\Application Data\Mount&blade
C:\Documents and Settings\Omistaja\Application Data\Mozilla
C:\Documents and Settings\Omistaja\Application Data\Msn6
C:\Documents and Settings\Omistaja\Application Data\Nexon
C:\Documents and Settings\Omistaja\Application Data\Opera
C:\Documents and Settings\Omistaja\Application Data\Registry Cleaner
C:\Documents and Settings\Omistaja\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Omistaja\Application Data\Skype
C:\Documents and Settings\Omistaja\Application Data\Sonic
C:\Documents and Settings\Omistaja\Application Data\Sun
C:\Documents and Settings\Omistaja\Application Data\Symantec
C:\Documents and Settings\Omistaja\Application Data\Vlc
C:\Documents and Settings\Omistaja\Application Data\Xfire
JannutsQ
Newbie
7 June 2008 @ 03:54
Quote, original post by JannutsQ:
NoLop! Log by Skate_Punk_21
Beginning Removal...
Rebooting...

Beginning Removal...
Rebooting...

Beginning Removal...
Rebooting...

Hehe, I pressed reboot several times, since it took a moment to get going..


HjT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:11, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgwdsvc.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgfws8.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgam.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgrsx.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgnsx.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\FireFox\firefox.exe
C:\Documents and Settings\janin\Työpöytä\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\tools\BitCometBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Omistaja\Työpöytä\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgtray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Documents and Settings\janin\Työpöytä\Janin\Ohjelmat\AVG\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\DOCUME~1\janin\TYPYT~1\Janin\Ohjelmat\AVG\avgfws8.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9035 bytes
Hujo
Suspended permanently
7 June 2008 @ 03:56
Download VundoFix.exe HERE to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo option.
When the scan is finished, click the Fix Vundo option.
You will be asked whether you want to remove the files - click YES.
Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
When it is done, the fix will tell you to restart your computer; click OK.
Post the contents of the C:\vundofix.txt log and a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not remove.
In that case, VundoFix runs itself at reboot; just follow the instructions above starting from "Click the Scan for Vundo option." when VundoFix appears after the restart.


Can a computer ever work?
JannutsQ
Newbie
7 June 2008 @ 04:24
Scan done, it found no problems.
Hujo
Suspended permanently
7 June 2008 @ 04:40
how is the computer behaving now
so you're using avg8

then run this
the Norton removal tool

Can a computer ever work?

The post has been edited after posting. Latest edit 7 June 2008 @ 04:45

JannutsQ
Newbie
7 June 2008 @ 05:02
Seems to be working well. Many thousand and one thanks for the invaluable help~!