Kerion ilmoitukset, mistä apu?
|
|
limetto
Suspended due to non-functional email address
|
4. lokakuuta 2005 @ 16:34 |
Linkki tähän viestiin
|
Minulle asennettiin Kerio viime viikonloppuna ja siltä tulee koko ajan, ja jatkuvasti ilmoituslaatikko, jossa lukee seuraavaa:
Kerio Personal Firewall has detected and blocked and blocked an intrusion attempt of type Code injection. The technical details about the attack are provided in the window below.
Intrusion Attempt Blocked
Technical details about each incident are very useful to Kerio for further analysis. Only the contents on this window will be sent to Kerio.
[x] Allow technical details to be transmitted to Kerio
CLOSE <<Details
Technical details about the intrusion attempt:
Injector application: C:\Documents and Settings\All Users.WINDOWS\Application Data\Live Bird Flag Audio\boobdelete.exe
Description: boobdelete
File version:
Product name:
Product version:
Created: 2005/10/2, 17:30:12
Modified: 2005/10/2, 17:30:11
Accessed: 2005/10/4, 12:37:39
Target application: C:\Program Files\Internet Explorer\iexplore.exe
Description: Internet Explorer
File version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Product name: Microsoft® Windows® -käyttöjärjestelmä
Product version: 6.00.2900.2180
Created: 2004/9/18, 10:22:47
Modified: 2004/9/14, 23:12:03
Accessed: 2005/10/4, 12:37:38
Address of injection: 0x001A5B63
Mitä tehdä? Miten ilmoituslaatikon saa ettei se tulisi enää? Asentaja ei tiennyt, entä te? TÄMÄ ON TODELLA ÄRSYTTÄVÄÄ KLIKATA SITÄ JOKA VÄLISSÄ KERTOKAA MITÄ TEEN
OLISIN KIITOLLINEN VASTAUKSESTA JOS JOKU OSAISI NEUVOA SELKEÄSTI SILLÄ EN OLE KOVIN HYVÄ TIETOKONEIDEN KANSSA ENKÄ LIIEMMIN ENGALNNINKAAN
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 4. lokakuuta 2005 @ 16:35
|
Zipp2
Member
|
4. lokakuuta 2005 @ 16:41 |
Linkki tähän viestiin
|
En ole koskaan käytänny Kerioo,mutta onko sen asetuksissa semmosta vaihtoehtoa että se ei näytä\hälytä niistä hyökkäyksistä.
Tuo rivi näyttää lopille joka tulee Messenger Plus 3:en mukana
C:\Documents and Settings\All Users.WINDOWS\Application Data\Live Bird Flag Audio\boobdelete.exe
joten pistä varalta Hijack logi tänne,niin katotaan onko se kunnossa.
http://koti.mbnet.fi/pattaya1/HijackThis.exe
|
limetto
Suspended due to non-functional email address
|
4. lokakuuta 2005 @ 17:00 |
Linkki tähän viestiin
|
Ei tossa ilmotuksessa mitää semmosta ollu, asetuksista en tiiä ku on englanniksi.
Mikä Hijack? Selittäisitkö hieman selkeämmin mitä pitää tehdä siis?
Nimmimerkki: Erittäin Tyhmä
|
Zipp2
Member
|
4. lokakuuta 2005 @ 17:11 |
Linkki tähän viestiin
|
> asetuksista en tiiä ku on englanniksi. <
En tiedä niistä Kerion asetuksista,mutta ehkä joku jolla on Kerio koneella näkee tämän ja autta.
Se Hijackki lataa se koneelle aukase ja :
Scan > Save log > säästä se johonki > sitte kopioi se ja pistä tänne.
|
Senior Member
|
4. lokakuuta 2005 @ 17:34 |
Linkki tähän viestiin
|
|
limetto
Suspended due to non-functional email address
|
4. lokakuuta 2005 @ 17:56 |
Linkki tähän viestiin
|
Okei, no jos ymmärsin oikein ni tässä tää:
Logfile of HijackThis v1.99.1
Scan saved at 21:56:08, on 4.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TeleWell TW-IA300C ADSL\CnxDslTb.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\Program Files\Windows TaskAd\WinSched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
D:\Ladatut\HijackThis-1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vouxjcrlneksn.org/Ma5Cq4FpGoDcS3lAYt6wfeeCU_hLQiLKx_x9... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seewcqahiahofckbnwzkn.com/Ma5Cq4FpGoBhnstl9dkkbg8f7X7X... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F5A14C5-D2B4-4FD7-9338-75B73347F632} - C:\DOCUME~1\Satu\APPLIC~1\ANTE2~1\dupe inside.exe
O2 - BHO: (no name) - {4499E163-4F6A-4B8F-C501-6E51F7926EFE} - C:\DOCUME~1\Satu\APPLIC~1\ANTE2~1\dupe inside.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\TeleWell TW-IA300C ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BirdGreatForkFord] C:\Documents and Settings\All Users.WINDOWS\Application Data\IDLETRANSBIRDGREAT\Chicfree.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flag Audio More Meet] C:\Documents and Settings\All Users.WINDOWS\Application Data\Live Bird Flag Audio\boobdelete.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Heck mp3] C:\DOCUME~1\LOCALS~1.NT-\APPLIC~1\SEEKCA~1\Anti sign live.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl... O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} - http://www.advnt01.com/dialer/internazionale_ver3.CAB O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
Zipp2
Member
|
4. lokakuuta 2005 @ 18:09 |
Linkki tähän viestiin
|
Siirrä ensin se HijackThis.exe oman kansioon tonne
C:\HjT\HijackThis.exe
Poista Lisää/Poista paneelista jos näkyy
MessengerPlus3
Windows TaskAd
Merkkaa nuo sulje selain ja muut avoimet ikkunat ja paina Fix checked
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vouxjcrlneksn.org/Ma5Cq4FpGoDcS3lAYt6wfeeCU_hLQiLKx_x9... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seewcqahiahofckbnwzkn.com/Ma5Cq4FpGoBhnstl9dkkbg8f7X7X... O2 - BHO: (no name) - {1F5A14C5-D2B4-4FD7-9338-75B73347F632} - C:\DOCUME~1\Satu\APPLIC~1\ANTE2~1\dupe inside.exe
O2 - BHO: (no name) - {4499E163-4F6A-4B8F-C501-6E51F7926EFE} - C:\DOCUME~1\Satu\APPLIC~1\ANTE2~1\dupe inside.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [BirdGreatForkFord] C:\Documents and Settings\All Users.WINDOWS\Application Data\IDLETRANSBIRDGREAT\Chicfree.exe
O4 - HKCU\..\Run: [Heck mp3] C:\DOCUME~1\LOCALS~1.NT-\APPLIC~1\SEEKCA~1\Anti sign live.exe
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} - http://www.advnt01.com/dialer/internazionale_ver3.CAB O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
Käynnistä sitte vikasietotilassa ja poista jos löytyy
C:\DOCUME~1\Satu\APPLIC~1\ANTE2~1\ < kansio
C:\Program Files\Messenger Plus! 3\ < kansio
C:\Program Files\Windows TaskAd\ < kansio
C:\Documents and Settings\All Users.WINDOWS\Application Data\IDLETRANSBIRDGREAT\ < kansio
C:\DOCUME~1\LOCALS~1.NT-\APPLIC~1\SEEKCA~1\ < kansio
Käynnistä sitte normaalisti ja uus logi.
|
limetto
Suspended due to non-functional email address
|
4. lokakuuta 2005 @ 19:14 |
Linkki tähän viestiin
|
no moicca taas, mut vaikeeks menee ku pitäis selittää ku lapselle. oon niin pönttö tän koneen kanssa.
Hijack this on nyt d-kansiossa ku mulla on jaettu tää kone ni meni sinne ladattuihin.Sovellus paneelista poistin sen messenger plussan mut ei näyttäny olevan sitä windows taskadia. Jossain oon kyl sen nähny en nyt muista missä?
Ai miten sit merkkaan noi, tai siis mitkä?ja mistä sit toi fix checked sit tulee?ja miten sit käynnistetään vikasietotilassa?
Näin tyhmä oon :( kiitti käsivällisyydestä jo viitsit vielä neuvoa että ymmärrän.
Meen nyt nukkuu mut jos huomenna sais jotai selkoo tästä ja ai et ärsyttää ku toi laatikon tuleminen haittaa koneella olemista ku pitää koko ajan olla sulkemassa sitä :(
|
AfterDawn Addict
|
5. lokakuuta 2005 @ 05:23 |
Linkki tähän viestiin
|
Mä voin toimia "vara-Zipp2:sena" ;)
Eli siis käynnistät hijackthisin, klikkaat do a system scan only, rasti näiden eteen ja paina fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vouxjcrlneksn.org/Ma5Cq4FpGoDcS3lAYt6wfeeCU_hLQiLKx_x9... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seewcqahiahofckbnwzkn.com/Ma5Cq4FpGoBhnstl9dkkbg8f7X7X... O2 - BHO: (no name) - {1F5A14C5-D2B4-4FD7-9338-75B73347F632} - C:\DOCUME~1\Satu\APPLIC~1\ANTE2~1\dupe inside.exe
O2 - BHO: (no name) - {4499E163-4F6A-4B8F-C501-6E51F7926EFE} - C:\DOCUME~1\Satu\APPLIC~1\ANTE2~1\dupe inside.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [BirdGreatForkFord] C:\Documents and Settings\All Users.WINDOWS\Application Data\IDLETRANSBIRDGREAT\Chicfree.exe
O4 - HKCU\..\Run: [Heck mp3] C:\DOCUME~1\LOCALS~1.NT-\APPLIC~1\SEEKCA~1\Anti sign live.exe
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} - http://www.advnt01.com/dialer/internazionale_ver3.CAB O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
Ja sinne vikasietotilaan pääsee painamalla F8 käynnistyksen yhteydessä ja valitsemalla valikosta vikasietotila. Ja sitten poistat siellä nuo, mitä Zipp2 jo pyysi.
|
limetto
Suspended due to non-functional email address
|
5. lokakuuta 2005 @ 06:15 |
Linkki tähän viestiin
|
ok,kokeilen nyt...
|
limetto
Suspended due to non-functional email address
|
5. lokakuuta 2005 @ 07:51 |
Linkki tähän viestiin
|
No eipä onnistu ! Ruksitin noi mitä tos oli ja sammutin koneen mut siinä vikasieto tilassa ku on 3 vaihtoehtoo mitä painaa ni mitä niistä sit pitää painaa?
vaihtoehdot Floppy
|
limetto
Suspended due to non-functional email address
|
5. lokakuuta 2005 @ 07:54 |
Linkki tähän viestiin
|
No eipä onnistu ! Ruksitin noi mitä tos oli ja klikkasin sitä do a system skan only. sammutin koneen mut siinä vikasieto tilassa ku on 3 vaihtoehtoo mitä painaa ni mitä niistä sit pitää painaa?
vaihtoehdot Floppy, IDE-0 , tai cd/dvd-0
|
AfterDawn Addict
|
5. lokakuuta 2005 @ 08:24 |
Linkki tähän viestiin
|
Käytä jatkossa edittiä, se on tällainen kuvake,löytyy viestin oikeasta yläkulmasta -> Sä painoit varmaan sitä F8:a liian aikaisin (koska toi on ns. "boot menu", josta voi valita, mistä kone käynnistyy). Yritä painaa sitä F8:a vasta vähän ennen kun Windowsin logo näkyy. Onnistuuko nyt?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 5. lokakuuta 2005 @ 08:25
|
AfterDawn Addict
|
5. lokakuuta 2005 @ 13:46 |
Linkki tähän viestiin
|
Logfile of HijackThis v1.99.1
Scan saved at 17:41:49, on 5.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\TeleWell TW-IA300C ADSL\CnxDslTb.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Ladatut\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vssjzkudfue.net/Ma5Cq4FpGoDcS3lAYt6wfeeCU_hLQiLKx_x9Qu... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\TeleWell TW-IA300C ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flag Audio More Meet] C:\Documents and Settings\All Users.WINDOWS\Application Data\Live Bird Flag Audio\boobdelete.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl... O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
AfterDawn Addict
|
5. lokakuuta 2005 @ 13:49 |
Linkki tähän viestiin
|
Zipp2 näköjään unohti eilen fixauttaa sulla tuon ongelman aihettajan ;)
Fixaa hijackthisillä:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vssjzkudfue.net/Ma5Cq4FpGoDcS3lAYt6wfeeCU_hLQiLKx_x9Qu... O4 - HKLM\..\Run: [Flag Audio More Meet] C:\Documents and Settings\All Users.WINDOWS\Application Data\Live Bird Flag Audio\boobdelete.exe
Käynnistä vikasietotilaan ja poista tämä:
C:\Documents and Settings\All Users.WINDOWS\Application Data\==>Live Bird Flag Audio<==
Käynnistä uudestaan ja lähetä uusi hijackthis-loki.
|
Zipp2
Member
|
5. lokakuuta 2005 @ 14:34 |
Linkki tähän viestiin
|
Katos,joo pääs livahtaan hyvä ku huomasit.
|
limetto
Suspended due to non-functional email address
|
5. lokakuuta 2005 @ 15:41 |
Linkki tähän viestiin
|
siis onko nyt ok ?
Scan saved at 19:37:47, on 5.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\TeleWell TW-IA300C ADSL\CnxDslTb.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Ladatut\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.yapltukitnjtuduxzfyeprote.com/Ma5Cq4FpGoDcS3lAYt6wfeeC... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaedlhlskftoyvkhh.org/Ma5Cq4FpGoBhnstl9dkkbl82GjLB02B7... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4499E163-4F6A-4B8F-C501-6E51F7926EFE} - C:\DOCUME~1\Satu\APPLIC~1\ANTE2~1\dupe inside.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\TeleWell TW-IA300C ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl... O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common File
Tässä toi logi.
|
Zipp2
Member
|
5. lokakuuta 2005 @ 15:50 |
Linkki tähän viestiin
|
Merkkaa ja Fix:saa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.yapltukitnjtuduxzfyeprote.com/Ma5Cq4FpGoDcS3lAYt6wfeeC... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaedlhlskftoyvkhh.org/Ma5Cq4FpGoBhnstl9dkkbl82GjLB02B7... O2 - BHO: (no name) - {4499E163-4F6A-4B8F-C501-6E51F7926EFE} - C:\DOCUME~1\Satu\APPLIC~1\ANTE2~1\dupe inside.exe
Käynnistä sitte vikasietotilassa ja poista
C:\DOCUME~1\Satu\APPLIC~1\ANTE2~1\ < kansio
Käynnistä sitte normaalisti ja uus Hijack logi.
Pistä myös varalta StartupList logi Hijackistä.
Config.. > Misc Tools > sieltä löytyy
pistä ensin täpit niihin kahteen pikkurutuun ja sitte vasta scannaa.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 5. lokakuuta 2005 @ 15:51
|
AfterDawn Addict
|
5. lokakuuta 2005 @ 15:52 |
Linkki tähän viestiin
|
Ei vieläkään valitettavasti :(
Fixaa nämä hijackthisillä:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.yapltukitnjtuduxzfyeprote.com/Ma5Cq4FpGoDcS3lAYt6wfeeC... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaedlhlskftoyvkhh.org/Ma5Cq4FpGoBhnstl9dkkbl82GjLB02B7... O2 - BHO: (no name) - {4499E163-4F6A-4B8F-C501-6E51F7926EFE} - C:\DOCUME~1\Satu\APPLIC~1\ANTE2~1\dupe inside.exe
Käynnistä vikasietotilaan ja poista:
C:\DOCUME~1\Satu\APPLIC~1\==>ANTE2~1<== (polun alku on C:\Documents and settings\Satu\Application data\ANTE2)
Käynnistä uudestaan ja lähetä uusi hijackthis-loki.
EDIT: Zipp2 oli nopeampi :)
Tarkennetaan siis tota startuphommaa: hijackthisissä open misc tools.. ja sieltä generate startuplist-kohdassa valitse "list also minor sections (full)" ja "list empty sections (complete)" ja paina sitten generate startuplist log ja paina kyllä. Kopioi sitten se loki tänne.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 5. lokakuuta 2005 @ 15:55
|
limetto
Suspended due to non-functional email address
|
5. lokakuuta 2005 @ 16:56 |
Linkki tähän viestiin
|
No täs ois nyt tää.Mitäs nyt sanot :)joko nyt :)
StartupList report, 5.10.2005, 20:51:16
StartupList version: 1.52.2
Started from : D:\Ladatut\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\TeleWell TW-IA300C ADSL\CnxDslTb.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Ladatut\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Satu\Käynnistä-valikko\Ohjelmat\Käynnistys]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Käynnistys]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CnxDslTaskBar = C:\Program Files\TeleWell TW-IA300C ADSL\CnxDslTb.exe
Creative WebCam Tray = C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
AtiPTA = atiptaxx.exe
WheelMouse = C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0\bin\jusched.exe
HP Software Update = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Regedit.exe has no CompanyName property! It is either missing or named something else.
- Regedit.exe has no OriginalFilename property! It is either missing or named something else.
- Regedit.exe has no FileDescription property! It is either missing or named something else.
Registry check failed!
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
--------------------------------------------------
Enumerating Task Scheduler jobs:
A9A4C6CD919342C9.job
Ad-aware.job
AECE5732918DD5A6.job
Spybot - Search & Destroy.job
--------------------------------------------------
Enumerating Download Program Files:
[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
[Java Plug-in 1.5.0]
InProcServer32 = C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
[Java Plug-in 1.5.0]
InProcServer32 = C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
[{D03A1C33-1913-4533-A8C1-F2C8D13045DE}]
CODEBASE = http://www.cjb.net/search.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support -ympäristö: \SystemRoot\System32\drivers\afd.sys (system)
Hälytys: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Sovelluskerroksen yhdyskäytäväpalvelu: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
A4Tech Mouse Filter Driver: System32\DRIVERS\Amfilter.sys (system)
A4Tech HID-compliant Mouse Driver: System32\DRIVERS\Amusbprt.sys (manual start)
Sovellusten hallinta: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET-tilapalvelu: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standardi IDE/ESDI-kiintolevyohjain: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client -protokolla: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)
avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
BITS-tausta-ajo (Background Intelligent Transfer Service): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tietokoneiden selaus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indeksointipalvelu: C:\WINDOWS\System32\cisvc.exe (manual start)
Leikekirja: %SystemRoot%\system32\clipsrv.exe (disabled)
Conexant AccessRunner PCI ADSL LAN Adapter Driver: System32\DRIVERS\CnxTgN.sys (manual start)
Conexant AccessRunner PCI ADSL LAN Adapter Filter Driver: System32\DRIVERS\CnxTgP.sys (manual start)
Conexant AccessRunner PCI ADSL Interface Device Driver: System32\DRIVERS\CnxTgR.sys (manual start)
COM+-järjestelmäsovellus: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Salauspalvelut: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM-palvelinprosessin käynnistys: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP-asiakas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Levyohjain: System32\DRIVERS\disk.sys (system)
Loogisen levyn hallinnan valvontapalvelu: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Loogisen levyn hallinta -ohjain: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Loogisen levyn hallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS-asiakas: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Virheraportointipalvelut: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tapahtumaloki: %SystemRoot%\system32\services.exe (autostart)
COM+-tapahtumajärjestelmä: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Nopean käyttäjän vaihdon yhteensopivuus: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Levykeaseman ohjain: System32\DRIVERS\fdc.sys (manual start)
Levykeasemaohjain: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager -ohjain: System32\DRIVERS\ftdisk.sys (system)
Firewall Driver: \SystemRoot\system32\drivers\fwdrv.sys (system)
Yleinen paketinmääritys: System32\DRIVERS\msgpc.sys (manual start)
Ohjeet ja tuotetuki: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID (Human Interface Device) -liittymä: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID -luokkaohjain: System32\DRIVERS\hidusb.sys (manual start)
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042-näppäimistö ja PS/2-hiiriohjain: System32\DRIVERS\i8042prt.sys (system)
CD-levyjen kirjoittamisen IMAPI COM -palvelu: C:\WINDOWS\System32\imapi.exe (manual start)
Windowsin IPv6-palomuurin ohjain: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC-ohjain: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA -väyläohjain: System32\DRIVERS\isapnp.sys (system)
Näppäimistön luokkaohjain: System32\DRIVERS\kbdclass.sys (system)
Kerio HIPS Driver: \SystemRoot\system32\drivers\khips.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Kerio Personal Firewall 4: "C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe" (autostart)
Palvelin: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Työasema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Viestinvälitys: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting etätyöpöydän jakaminen: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Hiiren luokkaohjain: System32\DRIVERS\mouclass.sys (system)
Hiiren HID-ohjain: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service -välityspalvelin: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft-järjestelmänhallinnan BIOS-ohjain: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink -muunnin: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O -protokolla: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-käyttöliittymä: System32\DRIVERS\netbios.sys (system)
NetBIOS TCP/IP:n päällä: System32\DRIVERS\netbt.sys (system)
Verkon DDE: %SystemRoot%\system32\netdde.exe (disabled)
Verkon DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Verkkokirjautuminen: %SystemRoot%\System32\lsass.exe (manual start)
Verkkoyhteydet: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NLA-nimiavaruus (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM -suojaustuen toimittaja: %SystemRoot%\System32\lsass.exe (manual start)
Siirrettävät tallennusvälineet: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Creative WebCam NX: System32\DRIVERS\P1110VID.sys (manual start)
Rinnakkaisporttiohjain: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start)
IPSEC-palvelut: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Suojattu tallennuspaikka: %SystemRoot%\system32\lsass.exe (autostart)
QoS-paketinajoitus: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection -ohjain: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection -hallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Etäkäytön (RAS) yhteyksienhallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Suora rinnakkainen: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector -ohjain: System32\DRIVERS\rdpdr.sys (manual start)
Etätyöpöydän ohjeen istunnonhallinta: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Reititys ja etäkäyttö: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Etärekisteri: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Etäproseduurikutsujen (RPC) paikannin: %SystemRoot%\System32\locator.exe (manual start)
Etäproseduurikutsu (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Käyttöoikeustilien hallinta: %SystemRoot%\system32\lsass.exe (autostart)
Älykortti: %SystemRoot%\System32\SCardSvr.exe (manual start)
Tehtävien ajoitus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Toissijainen kirjautuminen: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Järjestelmätapahtuman ilmoitus: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter -ohjain: System32\DRIVERS\serenum.sys (manual start)
Sarjaporttiohjain: System32\DRIVERS\serial.sys (system)
Windowsin palomuuri / Internet-yhteyden jakaminen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Käyttöliittymän laitteistotunnistus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Taustatulostusohjain: %SystemRoot%\system32\spoolsv.exe (autostart)
Järjestelmän palautussuodatin -ohjain: System32\DRIVERS\sr.sys (system)
Järjestelmän palauttaminen -palvelu: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP-palvelu (Simple Service Discovery Protocol): %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
WIA (Windows Image Acquisition): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Ohjelmistoväyläohjain: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{AF603F23-C953-4B37-B01E-8E284BA915EF} (manual start)
SymWMI Service: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (autostart)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Resurssilokit ja -hälytykset: %SystemRoot%\system32\smlogsvc.exe (manual start)
Puhelin: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP-protokollaohjain: System32\DRIVERS\tcpip.sys (system)
Päätelaiteohjain: System32\DRIVERS\termdd.sys (system)
Päätepalvelut: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Teemat: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
Tiedostolinkkijäljityksen asiakas: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update -ohjain: System32\DRIVERS\update.sys (manual start)
Universal Plug & Play -laiteisäntä: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
UPS: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER -luokka: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA-näytönohjain: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system)
VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
ViaIde: System32\DRIVERS\viaidexp.sys (system)
VIA AC'97 Audio Controller (WDM): system32\drivers\viaudio.sys (manual start)
Aseman tilannevedos: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
WMI-palvelu (Windows Management Instrumentation): %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Kannettavan mediasoittimen sarjanumeropalvelu: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI-palvelun ohjainlaajennukset: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI resurssisovitin: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Tietoturvakeskus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automaattiset päivitykset: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Verkon käyttöönottopalvelu: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 33 868 bytes
Report generated in 0,201 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
|
AfterDawn Addict
|
5. lokakuuta 2005 @ 17:00 |
Linkki tähän viestiin
|
Luulen kyl et ei :/
Nämä "jobit" vaikuttaa epäilyttäviltä:
A9A4C6CD919342C9.job
AECE5732918DD5A6.job
Zipp2 saa varmistaa epäilyni :)
Niin ja lähetä vielä se hijackthis-loki.
|
Zipp2
Member
|
5. lokakuuta 2005 @ 17:10 |
Linkki tähän viestiin
|
Joo nuo lopin jobit oli mielessä.
Ota tosta KillBox
http://www.bleepingcomputer.com/files/spyware/KillBox.zip
Pura,avaa ja täppi kohtaan Delete on Reboot
Sitte kopoi molemmat rivit tosta alapuolelta yhellä kertaa
C:\WINDOWS\Tasks\A9A4C6CD919342C9.job
C:\WINDOWS\Tasks\AECE5732918DD5A6.job
Sitte KillBoxissa ylhäältä File > Paste from Clipboard
Sen jälkeen paina Delete (punanen jossa on valakonen X)
Vastaa myöntävästi kysymyksiin ja jos kone ei itestään käynnisty uudestaan,niin käynnistä se.
Pistä sen jälkeen uus Hijack logi.
|
limetto
Suspended due to non-functional email address
|
5. lokakuuta 2005 @ 17:21 |
Linkki tähän viestiin
|
No yritän tota vaikuttaa vähä monimutkaselta. voitko selittää yksinkertasemmin ? ps. tyhmä mikä tyhmä :( Ettei menis sitten väärin.
|
Zipp2
Member
|
5. lokakuuta 2005 @ 17:27 |
Linkki tähän viestiin
|
En osaa ton helpommin selittää,avaa se KillBoxi ja kato sitä pikkasen,niin tajuat paremmin.
|
Mainos
|
|
|
limetto
Suspended due to non-functional email address
|
5. lokakuuta 2005 @ 17:42 |
Linkki tähän viestiin
|
No kokeilin tota, tai no oikeastaan mun tytär (11v) sen teki. Tässä nyt tämä loki taas.
Logfile of HijackThis v1.99.1
Scan saved at 21:40:34, on 5.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\TeleWell TW-IA300C ADSL\CnxDslTb.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Ladatut\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\TeleWell TW-IA300C ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl... O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Josko nyt?
|