Can't install F-Secure/HijackThis
batman187 (Suspended due to non-functional email address)
4 February 2006 @ 16:57
When I try to open F-Secure it shuts down. If I try to install the F-Secure program, the computer suggests shutting it down, won't let it install, and shuts it down.
Logfile of HijackThis v1.99.1
Scan saved at 22:03:32, on 3.2.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Athan\Athan.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\msmbw.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F3 - REG:win.ini: run=C:\WINDOWS\inet20002\winlogon.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20002\3.01.00.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\System32\serbw.exe
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20002\winlogon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\serbw.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20002\winlogon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E9C5F71-7CB2-4E90-B6DE-23896FD523EF}: NameServer = 85.255.115.20 85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{B855C1FA-6ED0-4158-9260-79538A165B19}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E9C5F71-7CB2-4E90-B6DE-23896FD523EF}: NameServer = 85.255.115.20 85.255.112.81
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
spertti (Senior Member)
4 February 2006 @ 17:37
You've got quite a nice collection of critters on your computer. Your connection has been hijacked from Belarus. On top of that, one of those critters keeps downloading more junk onto your computer all the time. And the main reason for this is that you haven't updated Windows.... Once we've got the computer clean, you'll go and get Service Pack 2 + the other critical updates. Otherwise your log will be on the forum once a week.
Get
fixwareout
http://forums.subratam.org/index.php?act=Attach&type=post&id=43811 or
http://swandog46.geekstogo.com/Fixwareout.exe
Save it to the desktop
Click fixwareout to start it and press OK etc. when asked
Reboot when told to
HijackThis will open automatically after that. If it doesn't open, open it yourself.
Fix these
F3 - REG:win.ini: run=C:\WINDOWS\inet20002\winlogon.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20002\3.01.00.dll
O4 - HKLM\..\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\System32\serbw.exe
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20002\winlogon.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\System32\formatsys.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\System32\serbw.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20002\winlogon.exe
Get Ewido > http://keskustelu.afterdawn.com/thread_view.cfm/269186 Install and update it. Don't do anything else yet
Show hidden files, instructions ->
http://keskustelu.afterdawn.com/thread_view.cfm/248944
Boot into Safe Mode (F8 during startup)
Delete these
C:\WINDOWS\==============>inet20002<=== folder
C:\WINDOWS\System32\=====>formatsys.exe
C:\WINDOWS\System32\=====>serbw.exe
C:\WINDOWS\==============>msmbw.exe
Scan with Ewido in Safe Mode and save the report
Boot into normal mode, and post a new log + the Ewido report + the contents of c:\fixwareout\report.txt
batman187 (Suspended due to non-functional email address)
5 February 2006 @ 12:49
I couldn't find these
C:\WINDOWS\System32\=====>serbw.exe
C:\WINDOWS\==============>msmbw.exe
otherwise OK.
Fixwareout ver 1.003
Last edited 1/12/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Search by size and names...
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 17:44:49, 4.2.2006
+ Report-Checksum: EED706E4
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO\CLSID -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO.1 -> Spyware.CoolWebSearch : Cleaned with backup
C:\Crazy frog gets killed by train!.pif -> Worm.Sumom.a : Cleaned with backup
:mozilla.17:C:\Documents and Settings\mahad\Application Data\Mozilla\Firefox\Profiles\nue4vif1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\mahad\Application Data\Mozilla\Firefox\Profiles\nue4vif1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\mahad\Application Data\Mozilla\Firefox\Profiles\nue4vif1.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.30:C:\Documents and Settings\mahad\Application Data\Mozilla\Firefox\Profiles\nue4vif1.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.60:C:\Documents and Settings\mahad\Application Data\Mozilla\Firefox\Profiles\nue4vif1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.61:C:\Documents and Settings\mahad\Application Data\Mozilla\Firefox\Profiles\nue4vif1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.62:C:\Documents and Settings\mahad\Application Data\Mozilla\Firefox\Profiles\nue4vif1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.63:C:\Documents and Settings\mahad\Application Data\Mozilla\Firefox\Profiles\nue4vif1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.64:C:\Documents and Settings\mahad\Application Data\Mozilla\Firefox\Profiles\nue4vif1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.65:C:\Documents and Settings\mahad\Application Data\Mozilla\Firefox\Profiles\nue4vif1.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\mahad\Cookies\mahad@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\mahad\Cookies\mahad@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\mahad\Cookies\mahad@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\mahad\Cookies\mahad@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\mahad\Cookies\mahad@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\mahad\Cookies\mahad@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\mahad\Cookies\mahad@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\mahad\Cookies\mahad@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\mahad\Local Settings\Application Data\Microsoft\CD Burning\autorun.exe -> Worm.Sumom.a : Cleaned with backup
C:\Documents and Settings\mahad\Local Settings\Temp\her.pt -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\mahad\Local Settings\Temp\isinst.exe -> Downloader.IstBar.oe : Cleaned with backup
C:\Documents and Settings\mahad\Local Settings\Temporary Internet Files\Content.IE5\OHKNGJ07\1001[1].exe -> Downloader.Small.awa : Cleaned with backup
C:\Documents and Settings\mahad\Local Settings\Temporary Internet Files\Content.IE5\ULTE3YDK\009[1].jpg -> Downloader.Small.ccn : Cleaned with backup
C:\Documents and Settings\mahad\Omat tiedostot\Downloads\~~ the oc 311.rar/Setup_toolBar.exe -> Downloader.IstBar.nj : Cleaned with backup
:mozilla.27:C:\Documents and Settings\mahad1\Application Data\Mozilla\Firefox\Profiles\a7d5dl4o.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\mahad1\Application Data\Mozilla\Firefox\Profiles\a7d5dl4o.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\mahad1\Application Data\Mozilla\Firefox\Profiles\a7d5dl4o.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\mahad1\Cookies\mahad1@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\mahad1\Cookies\mahad1@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\mahad1\Cookies\mahad1@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\mahad1\Cookies\mahad1@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\mahad1\Cookies\mahad1@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\mahad1\Cookies\mahad1@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\mahad1\Local Settings\Application Data\Microsoft\CD Burning\autorun.exe -> Worm.Sumom.a : Cleaned with backup
C:\Fat Elvis! lol.pif -> Worm.Sumom.a : Cleaned with backup
C:\Program Files\Avant Browser\fdsf -> Downloader.Small.awa : Cleaned with backup
C:\Program Files\backups\backup-20060204-164155-397.dll -> Spyware.Ihbo : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup
C:\WINDOWS\system32\dial23.0xe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\system32\howiper.0xe -> Trojan.Small.gq : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 17:55:04, on 4.2.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Athan\Athan.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E9C5F71-7CB2-4E90-B6DE-23896FD523EF}: NameServer = 85.255.115.20 85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{B855C1FA-6ED0-4158-9260-79538A165B19}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E9C5F71-7CB2-4E90-B6DE-23896FD523EF}: NameServer = 85.255.115.20 85.255.112.81
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
spertti (Senior Member)
5 February 2006 @ 13:00
The connection is still coming from Belarus... Run FixWareOut again, and when HjT opens, fix these lines: Somehow I forgot to mention this last time, even though those lines were exactly what I identified the critter from =)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E9C5F71-7CB2-4E90-B6DE-23896FD523EF}: NameServer = 85.255.115.20 85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{B855C1FA-6ED0-4158-9260-79538A165B19}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E9C5F71-7CB2-4E90-B6DE-23896FD523EF}: NameServer = 85.255.115.20 85.255.112.81
Post a new log afterwards.
batman187 (Suspended due to non-functional email address)
8 February 2006 @ 13:05
Logfile of HijackThis v1.99.1
Scan saved at 18:14:26, on 7.2.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Ares\Ares.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipCheap] "C:\Program Files\VoipCheap\VoipCheap.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: Avaa kaikki linkit tältä sivulta... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Etsi - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Korosta - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Lisää mainostenestolistalle - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Torju kaikki kuvat samalta palvelimelta - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
spertti (Senior Member)
8 February 2006 @ 13:14
Well, now it looks good =) Is it working better yet?
mawdrgn (Member)
8 February 2006 @ 13:18
By the way spertti, may I ask where in that you can see that the connection has been hijacked from Belarus? Asking purely out of interest and curiosity ;D
spertti (Senior Member)
8 February 2006 @ 13:23
The IPs on those O17 lines led to Belarus. Just by googling the IP, or by putting it in here > http://www.dnsstuff.com/ and picking, say, IP information, you can find out quite a lot. That WareOut critter you had can usually be identified precisely from those Belarusian IP addresses, which lead to Atrivo's servers. But that fix we ran really does remove all of its droppings very well. WareOut is just a charming worm in that it keeps downloading more junk onto whatever computer it has installed itself on =) But this time it was noticed in time, and removal went relatively easily too, didn't it?
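A detection check for the O17 lines spertti points at, written as an added example that is not from the thread or from HijackThis itself: it parses O17 NameServer entries, normalises the space- and comma-separated resolver lists that both appear in the logs above, flags any resolver outside an operator-supplied allowlist, and reports whether the rogue resolvers also sit in a non-current control set (CS2 here), not only in CCS. EXPECTED_RESOLVERS and the sample log are constructed; the three O17 lines are copied from the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Matches a HijackThis O17 line: control set (CCS, CS1, CS2, ...), the
# interface GUID, and the raw NameServer value.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>\w+)\\Services\\Tcpip\\\.\.\\"
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}: NameServer = (?P<ns>.+?)\s*$"
)

# Constructed allowlist: the resolvers this machine is expected to use
# (a home router here). Replace with your ISP's or AD DNS servers.
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Constructed sample: the three O17 lines quoted in the thread, plus one
# harmless O4 line to show that unrelated sections are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E9C5F71-7CB2-4E90-B6DE-23896FD523EF}: NameServer = 85.255.115.20 85.255.112.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{B855C1FA-6ED0-4158-9260-79538A165B19}: NameServer = 85.255.115.20,85.255.112.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E9C5F71-7CB2-4E90-B6DE-23896FD523EF}: NameServer = 85.255.115.20 85.255.112.81
"""


def parse_o17_lines(log_text):
    """Return one dict per O17 line: control set, interface GUID, resolvers.

    HijackThis prints the NameServer value verbatim, and Windows accepts
    either spaces or commas as separators (both forms appear above), so
    the value is split on runs of either before each address is validated.
    """
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        resolvers, invalid = [], []
        for token in re.split(r"[,\s]+", m.group("ns")):
            if not token:
                continue
            try:
                resolvers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                invalid.append(token)  # keep junk visible rather than drop it
        entries.append({
            "control_set": m.group("cs"),
            "interface": m.group("guid").upper(),
            "resolvers": resolvers,
            "invalid_tokens": invalid,
        })
    return entries


def audit_nameservers(log_text, expected=EXPECTED_RESOLVERS):
    """Flag resolvers outside the allowlist and note which control sets hold them."""
    entries = parse_o17_lines(log_text)
    unexpected = set()
    by_control_set = defaultdict(set)
    for e in entries:
        bad = [ip for ip in e["resolvers"] if ip not in expected]
        e["unexpected"] = bad
        unexpected.update(bad)
        by_control_set[e["control_set"]].update(bad)
    # Rogue resolvers under CS1/CS2 as well as CCS mean the hijack is also
    # stored in a non-current control set, not just the live configuration.
    backup_sets = [cs for cs, ips in by_control_set.items() if cs != "CCS" and ips]
    return {
        "entries": entries,
        "unexpected_resolvers": sorted(unexpected),
        "persists_in_backup_control_set": bool(backup_sets),
        "backup_control_sets": sorted(backup_sets),
    }


if __name__ == "__main__":
    report = audit_nameservers(SAMPLE_LOG)
    for e in report["entries"]:
        print(e["control_set"], e["interface"], e["resolvers"], "unexpected:", e["unexpected"])
    print("unexpected resolvers:", report["unexpected_resolvers"])
    print("also stored in control set(s):", report["backup_control_sets"])
```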