|
HJT-loki, trojan.vundo ongelma.
|
|
|
pAy
Junior Member
|
30. tammikuuta 2006 @ 14:42 |
Linkki tähän viestiin
|
Logfile of HijackThis v1.99.1
Scan saved at 19:30:19, on 30.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\winsysban4.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
E:\asenna.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\ljhif.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\urssq.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKLM\..\Run: [WinDLL (xvd32.dll)] rundll32.exe C:\WINDOWS\System32\xvd32.dll,start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O20 - Winlogon Notify: ljhif - C:\WINDOWS\system32\ljhif.dll
O20 - Winlogon Notify: urssq - C:\WINDOWS\SYSTEM32\urssq.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2F0dQ\command.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
|
|
spertti
Senior Member
|
30. tammikuuta 2006 @ 15:14 |
Linkki tähän viestiin
|
Ensiksi kopioi tämä ohje, ja tallenna se työpöydälle tekstitiedostona,
sillä fixin aikan sinulla ei ole nettiyhteyttä käytössä.
Hae VundoFix© tuolta. http://www.atribune.org/downloads/VundoFix.exe
Tallenna se työpöydälle
* Tuplakilikkaa VundoFix.exe ,jolloin se tekee Vundofix kansion työpöydälle
* Käynnistä vikasietotilaan ( F8 käynnistyksen yhteydessä )
* Vikasietotilassa avaa Vundofix kansio, ja tuplaklikkaa KillVundo.bat
* Ruutuun pitäisi ilmestyä varoitus, joka näyttää tältä.
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....
* Paina Enter.
* Seuraavaksi pitäisi näkyä:
Please Type in the filepath as instructed by the forum staff
and then press enter:
* Seuraavaksi kirjoita tiedoston sijainti. Ole tarkkana, että kirjoitat sen varmasti oikein
C:\WINDOWS\system32\ljhif.dll
* Paina Enter.
* Seuraavaksi pitäisi näkyä:
Please type in the second filepath as instructed by the forum
staff then press enter:
* Seuraavaksi kirjoita tiedoston sijainti. Ole tarkkana, että kirjoitat sen varmasti oikein
C:\WINDOWS\system32\urssq.dll
* Paina Enter
* Nyt pitäisi aueta HijackThis, jos ei aukea, niin avaa se itse ( make a system scan )
* HjT:ssä Fixaa seuraavat
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\ljhif.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\urssq.dll
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKLM\..\Run: [WinDLL (xvd32.dll)] rundll32.exe C:\WINDOWS\System32\xvd32.dll,start
O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe
O20 - Winlogon Notify: ljhif - C:\WINDOWS\system32\ljhif.dll
O20 - Winlogon Notify: urssq - C:\WINDOWS\SYSTEM32\urssq.dll
* Kun olet fixannut nämä sulje HijackThis.
* Paina Enter poistuaksesi ohjelmasta. Tämän jälkeen käynnistä kone uudestaan.
Lähetä uusi HijackThis loki, ja vundofix.txt sisältö ( sen löydät vundofix kansiosta )
Hae myös Ewido, ja aja scanni sillä. laita myös Ewidon loki ihmeteltäväksi. Ohje > http://keskustelu.afterdawn.com/thread_view.cfm/269186
On erittäin tärkeää, että ajat tuon Vundofixin vikasietotilassa. Jos on ongelmia sinne pääsemisessä, niin kysy mielummin apua täältä, kuin aja se normaalitilassa.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 30. tammikuuta 2006 @ 15:15
|
|
Zipp2
Member
|
30. tammikuuta 2006 @ 15:14 |
Linkki tähän viestiin
|
|
poistin täälä oli jo reseptiä.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 30. tammikuuta 2006 @ 15:14
|
|
pAy
Junior Member
|
30. tammikuuta 2006 @ 17:00 |
Linkki tähän viestiin
|
Logfile of HijackThis v1.99.1
Scan saved at 21:41:04, on 30.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\winsysban4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\ljhif.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\urssq.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKLM\..\Run: [WinDLL (xvd32.dll)] rundll32.exe C:\WINDOWS\System32\xvd32.dll,start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O20 - Winlogon Notify: ljhif - C:\WINDOWS\system32\ljhif.dll (file missing)
O20 - Winlogon Notify: urssq - urssq.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2F0dQ\command.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------
Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------
killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt
--------------------------------------------------------------------------------------
Filepaths entered
--------------------------------------------------------------------------------------
The filepath entered was c:\WINDOWS\system32\ljhif.dll
The second filepath entered was c:\WINDOWS\system32\urssq.dll
--------------------------------------------------------------------------------------
Log from Process
--------------------------------------------------------------------------------------
Killing PID 428 'smss.exe'
Killing PID 1840 'explorer.exe'
Killing PID 1840 'explorer.exe'
Killing PID 684 'winlogon.exe'
--------------------------------------------------------------------------------------
c:\WINDOWS\system32\ljhif.dll Deleted sucessfully.
c:\WINDOWS\system32\urssq.dll Deleted sucessfully.
Fixing Registry
--------------------------------------------------------------------------------------
|
|
spertti
Senior Member
|
30. tammikuuta 2006 @ 17:08 |
Linkki tähän viestiin
|
No jäihän sinne vielä.
Fixaa nämä HjT:lla
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\ljhif.dll (file missing)
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\urssq.dll (file missing)
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKLM\..\Run: [WinDLL (xvd32.dll)] rundll32.exe C:\WINDOWS\System32\xvd32.dll,start
O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe
O20 - Winlogon Notify: ljhif - C:\WINDOWS\system32\ljhif.dll (file missing)
O20 - Winlogon Notify: urssq - urssq.dll (file missing)
Laita piilotiedostot näkyviin, ohje ->
http://keskustelu.afterdawn.com/thread_view.cfm/248944
Käynnistä vikasietotilaan ( F8 käynnistyksen yhteydessä ) ja poista nämä, jos löytyy:
C:\windows\winsysupd3.exe
C:\windows\winsysban4.exe
c:\windows\myupdates.exe
C:\WINDOWS\System32\xvd32.dll
C:\PROGRA~1\COMMON~1\fmoq <- kansio
Ajoitko äsken sen Ewidon? Se loki olis kiva kanssa nähdä.
EDIT: Niin ja laita uusi loki tämän jälkeen.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 30. tammikuuta 2006 @ 17:08
|
|
pAy
Junior Member
|
31. tammikuuta 2006 @ 11:17 |
Linkki tähän viestiin
|
Logfile of HijackThis v1.99.1
Scan saved at 16:16:50, on 31.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2F0dQ\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 16:15:00, 31.1.2006
+ Report-Checksum: 38FEF607
+ Scan result:
C:\Documents and Settings\LocalService\Cookies\system@casinotropez[2].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@www.casinotropez[1].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Satu\ca32.exe/rm32.dll -> Adware.Virtumonde : Error during cleaning
C:\Documents and Settings\Satu\Local Settings\Temp\tmp00024ac7 -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\tmp000430c0 -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\tmp00044124 -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\tmp00044efe -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\tmp0004fbbd -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\tmp0005e840 -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\tmp00076a32 -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\tmp0008425e -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\tmp00123a6f -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\~DP3.exe -> Dropper.Delf.fd : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\~DP4.exe -> Dropper.Delf.fd : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\~DP5.exe -> Dropper.Delf.fd : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\~DP6.exe -> Dropper.Delf.fd : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\~DP7.exe -> Dropper.Delf.fd : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temp\~DPF.exe -> Dropper.Delf.fd : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\4X81YTGX\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\4X81YTGX\winsysban4[1].exe -> Hijacker.VB.kc : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\8T6BSXIF\b[1].zip -> Backdoor.Akbot.a : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\8T6BSXIF\drsmartload46a[1].exe -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\8T6BSXIF\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\8T6BSXIF\myupdates[1].exe -> Downloader.Adload.l : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\CNGPWDYD\ca32[2].zip/rm32.dll -> Adware.Virtumonde : Error during cleaning
C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\CNGPWDYD\drsmartload[1].exe -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\OHYB8NI5\Installer[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\OHYB8NI5\winsysban3[1].exe -> Hijacker.VB.kc : Cleaned with backup
C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\OHYB8NI5\winsysupd3[1].exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\drsmartload1.exe -> Downloader.Adload.j : Cleaned with backup
C:\drsmartload46a.exe -> Downloader.Adload.j : Cleaned with backup
C:\Installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\WINDOWS\system32\awvst.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\byxya.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\fccdc.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\mllmj.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\nnnol.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\opnmn.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\urqnn.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\vtuuu.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\winsysban3.exe -> Hijacker.VB.kc : Cleaned with backup
::Report End
|
AfterDawn Addict
|
31. tammikuuta 2006 @ 11:31 |
Linkki tähän viestiin
|
Tämän voit vielä fixata, muuten ok.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
Ja poista tämä:
C:\Documents and Settings\Satu\==>ca32.exe<==
Vikasietotilassa, jos ei muuten lähde.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 31. tammikuuta 2006 @ 13:12
|
|
pAy
Junior Member
|
31. tammikuuta 2006 @ 11:36 |
Linkki tähän viestiin
|
|
Suuret kiitokset avustanne!
|
|
Mainos
|
|
|
|
spertti
Senior Member
|
31. tammikuuta 2006 @ 19:27 |
Linkki tähän viestiin
|
|
Olepa hyvä =)
|
